From a841b68181717f927c012bc3e813c624c9c585a8 Mon Sep 17 00:00:00 2001 From: Andrew Nacin Date: Wed, 10 Jul 2013 04:42:03 +0000 Subject: [PATCH] When generating a background image thumbnail URL, escape percent signs for the eventual sprintf() call inside get_theme_mod(). props cfinke. fixes #21241. git-svn-id: https://develop.svn.wordpress.org/trunk@24630 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-admin/custom-background.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/wp-admin/custom-background.php b/wp-admin/custom-background.php index 31b02dee23..ac2941f28a 100644 --- a/wp-admin/custom-background.php +++ b/wp-admin/custom-background.php @@ -203,16 +203,17 @@ if ( $bgcolor = get_background_color() ) $background_styles .= 'background-color: #' . $bgcolor . ';'; if ( get_background_image() ) { + $background_image_thumb = esc_url( set_url_scheme( get_theme_mod( 'background_image_thumb', str_replace( '%', '%%', get_background_image() ) ) ) ); // background-image URL must be single quote, see below - $background_styles .= ' background-image: url(\'' . set_url_scheme( get_theme_mod( 'background_image_thumb', get_background_image() ) ) . '\');' + $background_styles .= ' background-image: url(\'' . $background_image_thumb . '\');' . ' background-repeat: ' . get_theme_mod('background_repeat', 'repeat') . ';' . ' background-position: top ' . get_theme_mod('background_position_x', 'left'); } ?>
-
- +
+