#56064 closed enhancement (fixed)
PHPCS issue in wp-admin/include/media.php .
Reported by: | smit08 | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 6.1 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Media | Keywords: | has-patch commit |
Focuses: | coding-standards | Cc: |
Description
Used escaping function esc_attr instead of esc_url.
$html = '<a href="' . esc_attr( $url ) . '"' . $rel . '>' . $html . '</a>';
Attachments (1)
Change History (6)
#1
@
2 years ago
- Focuses coding-standards added
- Keywords has-patch commit added; needs-patch removed
#3
@
2 years ago
Hi there, thanks for the patch!
It looks like esc_attr()
was used here as of [12051] / #10252, since esc_url()
did not work correctly with some accented characters at the time, see #10859.
Since #10859 was fixed in [12199], and esc_url()
no longer returns an empty string for the URL listed there in my testing, I think we should indeed be able to esc_url()
here.
Version 0, edited 2 years ago
by
(next)
Note: See
TracTickets for help on using
tickets.
Hi there!
Thanks for the ticket and patch. The 56064.patch patch makes sense to me and it's better to check the correct escape function for URL's enhancement.
commit
keyword added.