Make WordPress Core

Context Navigation

← Previous Ticket
Next Ticket →

Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#25529 closed defect (bug) (fixed)

Smiley URL is not escaped within translate_smiley

Reported by:	simonwheatley	Owned by:	SergeyBiryukov
Milestone:	3.8	Priority:	normal
Severity:	normal	Version:	2.8
Component:	Formatting	Keywords:	has-patch dev-feedback commit
Focuses:		Cc:

Description

While documenting the hooks in formatting.php, #25518, I noticed that the URL used in the img element is not escaped.

Attachments (2)

25529.diff (653 bytes) - added by simonwheatley 12 years ago.: Move esc_attr on $smiley closer to the output, use esc_url on the URL used for the src.
25529.tests.diff (982 bytes) - added by simonwheatley 12 years ago.: Tests for translate_smiley escaping the URL (actually the right tests now)

Download all attachments as: .zip

Change History (7)

@simonwheatley
12 years ago

Attachment 25529.diff added

Move esc_attr on $smiley closer to the output, use esc_url on the URL used for the src.

@simonwheatley
12 years ago

Attachment 25529.tests.diff added

Tests for translate_smiley escaping the URL (actually the right tests now)

#1 @simonwheatley
12 years ago

Keywords dev-feedback added

#2 @GaryJ
12 years ago

Main patch looks good to me.

#3 @SergeyBiryukov
12 years ago

Keywords commit added
Milestone changed from Awaiting Review to 3.8

25529.diff looks good to me. The unit test is probably not necessary here.

#4 @SergeyBiryukov
12 years ago

Owner set to SergeyBiryukov
Resolution set to fixed
Status changed from new to closed

Escape smiley URL in translate_smiley().

props simonwheatley.
fixes #25529.

#5 @SergeyBiryukov
12 years ago

Update unit tests for convert_smilies(). see #25529.

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats: