Always escape the URL echoed by header_image(). fixes #23664.

git-svn-id: https://develop.svn.wordpress.org/trunk@23633 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-07 05:30:00 +00:00 · 2013-03-07 05:30:00 +00:00 · 3213c4ca46
commit 3213c4ca46
parent 458b77814c
1 changed files with 2 additions and 2 deletions
--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@ -981,12 +981,12 @@ function is_random_header_image( $type = 'any' ) {
 }
 /**
- * Display header image path.
+ * Display header image URL.
 *
 * @since 2.1.0
 */
 function header_image() {
-	echo get_header_image();
+	echo esc_url( get_header_image() );
 }
 /**