WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#25529 closed defect (bug) (fixed)

Smiley URL is not escaped within translate_smiley

Reported by: simonwheatley Owned by: SergeyBiryukov
Milestone: 3.8 Priority: normal
Severity: normal Version: 2.8
Component: Formatting Keywords: has-patch dev-feedback commit
Focuses: Cc:

Description

While documenting the hooks in formatting.php, #25518, I noticed that the URL used in the img element is not escaped.

Attachments (2)

25529.diff (653 bytes) - added by simonwheatley 6 years ago.
Move esc_attr on $smiley closer to the output, use esc_url on the URL used for the src.
25529.tests.diff (982 bytes) - added by simonwheatley 6 years ago.
Tests for translate_smiley escaping the URL (actually the right tests now)

Download all attachments as: .zip

Change History (7)

@simonwheatley
6 years ago

Move esc_attr on $smiley closer to the output, use esc_url on the URL used for the src.

@simonwheatley
6 years ago

Tests for translate_smiley escaping the URL (actually the right tests now)

#1 @simonwheatley
6 years ago

  • Keywords dev-feedback added

#2 @GaryJ
6 years ago

Main patch looks good to me.

#3 @SergeyBiryukov
6 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 3.8

25529.diff looks good to me. The unit test is probably not necessary here.

#4 @SergeyBiryukov
6 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 26487:

Escape smiley URL in translate_smiley().

props simonwheatley.
fixes #25529.

#5 @SergeyBiryukov
6 years ago

In 26488:

Update unit tests for convert_smilies(). see #25529.

Note: See TracTickets for help on using tickets.