Ticket #12309 (closed enhancement: fixed)

Opened 2 years ago

Last modified 2 years ago

Deprecate clean_url() in favor of esc_url() and esc_url_raw()

Reported by: nacin Owned by: nacin
Priority: normal Milestone: 3.0
Component: Inline Docs Version:
Severity: normal Keywords:
Cc:

Description

Though eliminating a straight alias doesn't make much of a difference, the less validation and sanitization functions we have, the less confused plugin authors are, which hopefully means they try to write more secure the code.

We should merge clean_url() into esc_url(), giving esc_url() a $_context argument. esc_url_raw() can then call esc_url() with a $_context of 'db'.

Attachments

12309.diff Download (6.2 KB) - added by nacin 2 years ago.

Change History

nacin2 years ago

comment:1   nacin2 years ago

(In [13297]) Use esc_url() instead of clean_url(). See #12309

comment:2   nacin2 years ago

  • Status changed from new to closed
  • Resolution set to fixed

[13299]

Note: See TracTickets for help on using tickets.