Ticket #12309: 12309.diff

File 12309.diff, 6.2 KB (added by nacin, 6 years ago)
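--- a/wp-includes/deprecated.php
+++ b/wp-includes/deprecated.php
@@ -2070,10 +2070,35 @@
  */
 function sanitize_url( $url, $protocols = null ) {
         _deprecated_function( __FUNCTION__, '2.8', 'esc_url_raw()' );
-        return clean_url( $url, $protocols, 'db' );
+        return esc_url_raw( $url, $protocols );
 }
 
 /**
+ * Checks and cleans a URL.
+ *
+ * A number of characters are removed from the URL. If the URL is for displaying
+ * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
+ * is applied to the returned cleaned URL.
+ *
+ * @since 1.2.0
+ * @deprecated 3.0.0
+ * @deprecated Use esc_url()
+ * @see Alias for esc_url()
+ *
+ * @param string $url The URL to be cleaned.
+ * @param array $protocols Optional. An array of acceptable protocols.
+ * @param string $context Optional. How the URL will be used. Default is 'display'.
+ * @return string The cleaned $url after the 'clean_url' filter is applied.
+ */
+function clean_url( $url, $protocols = null, $context = 'display' ) {
+        if ( $context == 'db' )
+                _deprecated_function( 'clean_url( $context = \'db\' )', '3.0', 'esc_url_raw()' );
+        else
+                _deprecated_function( __FUNCTION__, '3.0', 'esc_url()' );
+        return esc_url( $url, $protocols, $context );
+}
+
+/**
  * Escape single quotes, specialchar double quotes, and fix line endings.
  *
  * The filter 'js_escape' is also applied by esc_js()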
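Review bot: The docblock added for the clean_url() wrapper names only esc_url() as the replacement, yet the body issues a separate notice for `$context = 'db'` that recommends esc_url_raw(). A reader who follows the docblock and moves a database-context call to esc_url() would start storing URLs with ampersands and single quotes entity-encoded, since 'display' is esc_url()'s default. I would replace the two `@deprecated` lines and the `@see` line with `@deprecated 3.0.0 Use esc_url() for display, esc_url_raw() for database usage` and `@see esc_url()`, and correct "amperstands" to "ampersands" in the description.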
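--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2132,53 +2132,6 @@
 }
 
 /**
- * Checks and cleans a URL.
- *
- * A number of characters are removed from the URL. If the URL is for displaying
- * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
- * is applied to the returned cleaned URL.
- *
- * @since 1.2.0
- * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
- *              via $protocols or the common ones set in the function.
- *
- * @param string $url The URL to be cleaned.
- * @param array $protocols Optional. An array of acceptable protocols.
- *              Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
- * @param string $context Optional. How the URL will be used. Default is 'display'.
- * @return string The cleaned $url after the 'clean_url' filter is applied.
- */
-function clean_url( $url, $protocols = null, $context = 'display' ) {
-        $original_url = $url;
-
-        if ('' == $url) return $url;
-        $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
-        $strip = array('%0d', '%0a', '%0D', '%0A');
-        $url = _deep_replace($strip, $url);
-        $url = str_replace(';//', '://', $url);
-        /* If the URL doesn't appear to contain a scheme, we
-         * presume it needs http:// appended (unless a relative
-         * link starting with / or a php file).
-         */
-        if ( strpos($url, ':') === false &&
-                substr( $url, 0, 1 ) != '/' && substr( $url, 0, 1 ) != '#' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
-                $url = 'http://' . $url;
-
-        // Replace ampersands and single quotes only when displaying.
-        if ( 'display' == $context ) {
-                $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
-                $url = str_replace( "'", ''', $url );
-        }
-
-        if ( !is_array($protocols) )
-                $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
-        if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
-                return '';
-
-        return apply_filters('clean_url', $url, $original_url, $context);
-}
-
-/**
  * Perform a deep string replace operation to ensure the values in $search are no longer present
  *
  * Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values
@@ -2229,31 +2182,57 @@
  * is applied to the returned cleaned URL.
  *
  * @since 2.8.0
- * @uses clean_url()
  * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
  *              via $protocols or the common ones set in the function.
  *
  * @param string $url The URL to be cleaned.
  * @param array $protocols Optional. An array of acceptable protocols.
  *              Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
+ * @param string $_context Private. Use esc_url_raw() for database usage.
  * @return string The cleaned $url after the 'clean_url' filter is applied.
  */
-function esc_url( $url, $protocols = null ) {
-        return clean_url( $url, $protocols, 'display' );
+function esc_url( $url, $protocols = null, $_context = 'display' ) {
+        $original_url = $url;
+
+        if ('' == $url) return $url;
+        $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
+        $strip = array('%0d', '%0a', '%0D', '%0A');
+        $url = _deep_replace($strip, $url);
+        $url = str_replace(';//', '://', $url);
+        /* If the URL doesn't appear to contain a scheme, we
+         * presume it needs http:// appended (unless a relative
+         * link starting with / or a php file).
+         */
+        if ( strpos($url, ':') === false &&
+                substr( $url, 0, 1 ) != '/' && substr( $url, 0, 1 ) != '#' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
+                $url = 'http://' . $url;
+
+        // Replace ampersands and single quotes only when displaying.
+        if ( 'display' == $_context ) {
+                $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
+                $url = str_replace( "'", ''', $url );
+        }
+
+        if ( !is_array($protocols) )
+                $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
+        if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
+                return '';
+
+        return apply_filters('clean_url', $url, $original_url, $_context);
 }
 
 /**
  * Performs esc_url() for database usage.
  *
  * @since 2.8.0
- * @uses clean_url()
+ * @uses esc_url()
  *
  * @param string $url The URL to be cleaned.
  * @param array $protocols An array of acceptable protocols.
  * @return string The cleaned URL.
  */
 function esc_url_raw( $url, $protocols = null ) {
-        return clean_url( $url, $protocols, 'db' );
+        return esc_url( $url, $protocols, 'db' );
 }
 
 /**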
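Review bot: esc_url() encodes ampersands and single quotes only when `$_context` equals 'display', so any other value, not just 'db', returns the unencoded form from a function whose name promises escaped output. The parameter is documented as private, yet the deprecated clean_url() wrapper forwards whatever `$context` its caller supplied, so I would invert the test to make unknown values fall back to display encoding: `if ( 'db' !== $_context ) {`. The docblock should also state that the hook keeps its legacy name 'clean_url' and that the esc_url_raw() result is not entity-encoded for HTML output. As rendered on this page the replacement strings on new lines 2212 and 2213 read `'&$1'` and `'''`, presumably numeric character references decoded by the viewer; check them against the raw attachment rather than copying from here.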