Ticket #12309: 12309.diff

File 12309.diff, 6.2 KB (added by nacin, 8 years ago)
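--- a/wp-includes/deprecated.php
+++ b/wp-includes/deprecated.php
@@ -2070,10 +2070,35 @@
  */
 function sanitize_url( $url, $protocols = null ) {
         _deprecated_function( __FUNCTION__, '2.8', 'esc_url_raw()' );
-        return clean_url( $url, $protocols, 'db' );
+        return esc_url_raw( $url, $protocols );
 }
 
 /**
+ * Checks and cleans a URL.
+ *
+ * A number of characters are removed from the URL. If the URL is for displaying
+ * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
+ * is applied to the returned cleaned URL.
+ *
+ * @since 1.2.0
+ * @deprecated 3.0.0
+ * @deprecated Use esc_url()
+ * @see Alias for esc_url()
+ *
+ * @param string $url The URL to be cleaned.
+ * @param array $protocols Optional. An array of acceptable protocols.
+ * @param string $context Optional. How the URL will be used. Default is 'display'.
+ * @return string The cleaned $url after the 'clean_url' filter is applied.
+ */
+function clean_url( $url, $protocols = null, $context = 'display' ) {
+        if ( $context == 'db' )
+                _deprecated_function( 'clean_url( $context = \'db\' )', '3.0', 'esc_url_raw()' );
+        else
+                _deprecated_function( __FUNCTION__, '3.0', 'esc_url()' );
+        return esc_url( $url, $protocols, $context );
+}
+
+/**
  * Escape single quotes, specialchar double quotes, and fix line endings.
  *
  * The filter 'js_escape' is also applied by esc_js()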
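Review bot: The docblock added for the deprecated `clean_url()` names only `esc_url()` as the replacement, while the body sends `$context == 'db'` callers to `esc_url_raw()`. A maintainer who follows the docblock and swaps a 'db' call for `esc_url()` would start storing display-encoded URLs, and the opposite swap would lose the `&` and `'` encoding on URLs written into markup. I would replace the two `@deprecated` lines and the `@see Alias for esc_url()` line with `@deprecated 3.0.0 Use esc_url(), or esc_url_raw() when $context is 'db'` and `@see esc_url()`. The wrapper also forwards any other `$context` string unchanged into the private `$_context` argument of `esc_url()`; a one-line comment saying this is kept for backward compatibility would make that intent visible.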
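--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2132,53 +2132,6 @@
 }
 
 /**
- * Checks and cleans a URL.
- *
- * A number of characters are removed from the URL. If the URL is for displaying
- * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
- * is applied to the returned cleaned URL.
- *
- * @since 1.2.0
- * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
- *              via $protocols or the common ones set in the function.
- *
- * @param string $url The URL to be cleaned.
- * @param array $protocols Optional. An array of acceptable protocols.
- *              Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
- * @param string $context Optional. How the URL will be used. Default is 'display'.
- * @return string The cleaned $url after the 'clean_url' filter is applied.
- */
-function clean_url( $url, $protocols = null, $context = 'display' ) {
-        $original_url = $url;
-
-        if ('' == $url) return $url;
-        $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
-        $strip = array('%0d', '%0a', '%0D', '%0A');
-        $url = _deep_replace($strip, $url);
-        $url = str_replace(';//', '://', $url);
-        /* If the URL doesn't appear to contain a scheme, we
-         * presume it needs http:// appended (unless a relative
-         * link starting with / or a php file).
-         */
-        if ( strpos($url, ':') === false &&
-                substr( $url, 0, 1 ) != '/' && substr( $url, 0, 1 ) != '#' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
-                $url = 'http://' . $url;
-
-        // Replace ampersands and single quotes only when displaying.
-        if ( 'display' == $context ) {
-                $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
-                $url = str_replace( "'", ''', $url );
-        }
-
-        if ( !is_array($protocols) )
-                $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
-        if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
-                return '';
-
-        return apply_filters('clean_url', $url, $original_url, $context);
-}
-
-/**
  * Perform a deep string replace operation to ensure the values in $search are no longer present
  *
  * Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values
@@ -2229,31 +2182,57 @@
  * is applied to the returned cleaned URL.
  *
  * @since 2.8.0
- * @uses clean_url()
  * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
  *              via $protocols or the common ones set in the function.
  *
  * @param string $url The URL to be cleaned.
  * @param array $protocols Optional. An array of acceptable protocols.
  *              Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
+ * @param string $_context Private. Use esc_url_raw() for database usage.
  * @return string The cleaned $url after the 'clean_url' filter is applied.
  */
-function esc_url( $url, $protocols = null ) {
-        return clean_url( $url, $protocols, 'display' );
+function esc_url( $url, $protocols = null, $_context = 'display' ) {
+        $original_url = $url;
+
+        if ('' == $url) return $url;
+        $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
+        $strip = array('%0d', '%0a', '%0D', '%0A');
+        $url = _deep_replace($strip, $url);
+        $url = str_replace(';//', '://', $url);
+        /* If the URL doesn't appear to contain a scheme, we
+         * presume it needs http:// appended (unless a relative
+         * link starting with / or a php file).
+         */
+        if ( strpos($url, ':') === false &&
+                substr( $url, 0, 1 ) != '/' && substr( $url, 0, 1 ) != '#' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
+                $url = 'http://' . $url;
+
+        // Replace ampersands and single quotes only when displaying.
+        if ( 'display' == $_context ) {
+                $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
+                $url = str_replace( "'", ''', $url );
+        }
+
+        if ( !is_array($protocols) )
+                $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
+        if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
+                return '';
+
+        return apply_filters('clean_url', $url, $original_url, $_context);
 }
 
 /**
  * Performs esc_url() for database usage.
  *
  * @since 2.8.0
- * @uses clean_url()
+ * @uses esc_url()
  *
  * @param string $url The URL to be cleaned.
  * @param array $protocols An array of acceptable protocols.
  * @return string The cleaned URL.
  */
 function esc_url_raw( $url, $protocols = null ) {
-        return clean_url( $url, $protocols, 'db' );
+        return esc_url( $url, $protocols, 'db' );
 }
 
 /**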
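Review bot: The new `$_context` argument of `esc_url()` fails open, because the `&` and `'` encoding runs only when the value compares equal to 'display'. Any other third argument, whether a typo or a custom context string forwarded by the deprecated `clean_url()` wrapper, returns the unencoded database form from a function callers rely on for HTML output. Testing for the one trusted value instead keeps `esc_url_raw()` working and sends every unexpected value down the encoded path: `if ( 'db' !== $_context ) {`. The cost is a changed result for legacy callers that passed some other context string. The `clean_url` filter also still runs after the `wp_kses_bad_protocol()` check, so the docblock should say that filter output is not re-validated against `$protocols`.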