#56133 closed defect (bug) (fixed)
URL escaping added in 'class-custom-background.php' file
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 6.1 | Priority: | normal |
| Severity: | normal | Version: | 3.0 |
| Component: | Customize | Keywords: | has-patch |
| Focuses: | administration, coding-standards | Cc: |
Description
My first ticket and really excited to contribute to the WordPress core.
Let me know if I need anything else to do.
Change History (10)
This ticket was mentioned in PR #2938 on WordPress/wordpress-develop by robinwpdeveloper.
15 months ago
#1
- Keywords has-patch added
#2
@
15 months ago
- Keywords has-patch removed
Hi @robinwpdeveloper
Welcome to WP Community! You are more than welcome here to share your opinion and do contribution to make wp even better! Please add some more descriptions of your ticket and possibly add a patch file to see what you have in mind and how it benefits & improves WP!!
#4
@
15 months ago
File path: src/wp-admin/includes/class-custom-background.php
Here home_url( '/' ) is used (Line: 253) without any escaping.
But in other files (e.x. wp-login.php - Line 289) esc_url is used to escape home_url() properly.
We need to do the same in src/wp-admin/includes/class-custom-background.php too.
Happy Coding :)
#6
follow-up:
↓ 8
@
15 months ago
- Milestone changed from Awaiting Review to 6.1
Hi @robinwpdeveloper, welcome to Trac and thanks for the patch! Let's milestone this for 6.1.
@SergeyBiryukov, I see you're listed as the owner. Do you think this patch has anything else to consider, or is it good to go?
Also see the related ticket #56132 for another unescaped instance of home_url().
#8
in reply to:
↑ 6
@
15 months ago
Replying to costdev:
Do you think this patch has anything else to consider, or is it good to go?
I think this looks good :) Thanks everyone!
SergeyBiryukov commented on PR #2938:
15 months ago
#10
Thanks for the PR! Merged in r53643.
Trac ticket: 56133