2135 | | * Checks and cleans a URL. |
2136 | | * |
2137 | | * A number of characters are removed from the URL. If the URL is for displaying |
2138 | | * (the default behaviour) amperstands are also replaced. The 'clean_url' filter |
2139 | | * is applied to the returned cleaned URL. |
2140 | | * |
2141 | | * @since 1.2.0 |
2142 | | * @uses wp_kses_bad_protocol() To only permit protocols in the URL set |
2143 | | * via $protocols or the common ones set in the function. |
2144 | | * |
2145 | | * @param string $url The URL to be cleaned. |
2146 | | * @param array $protocols Optional. An array of acceptable protocols. |
2147 | | * Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set. |
2148 | | * @param string $context Optional. How the URL will be used. Default is 'display'. |
2149 | | * @return string The cleaned $url after the 'clean_url' filter is applied. |
2150 | | */ |
2151 | | function clean_url( $url, $protocols = null, $context = 'display' ) { |
2152 | | $original_url = $url; |
2153 | | |
2154 | | if ('' == $url) return $url; |
2155 | | $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url); |
2156 | | $strip = array('%0d', '%0a', '%0D', '%0A'); |
2157 | | $url = _deep_replace($strip, $url); |
2158 | | $url = str_replace(';//', '://', $url); |
2159 | | /* If the URL doesn't appear to contain a scheme, we |
2160 | | * presume it needs http:// appended (unless a relative |
2161 | | * link starting with / or a php file). |
2162 | | */ |
2163 | | if ( strpos($url, ':') === false && |
2164 | | substr( $url, 0, 1 ) != '/' && substr( $url, 0, 1 ) != '#' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) ) |
2165 | | $url = 'http://' . $url; |
2166 | | |
2167 | | // Replace ampersands and single quotes only when displaying. |
2168 | | if ( 'display' == $context ) { |
2169 | | $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url); |
2170 | | $url = str_replace( "'", ''', $url ); |
2171 | | } |
2172 | | |
2173 | | if ( !is_array($protocols) ) |
2174 | | $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'); |
2175 | | if ( wp_kses_bad_protocol( $url, $protocols ) != $url ) |
2176 | | return ''; |
2177 | | |
2178 | | return apply_filters('clean_url', $url, $original_url, $context); |
2179 | | } |
2180 | | |
2181 | | /** |
2241 | | function esc_url( $url, $protocols = null ) { |
2242 | | return clean_url( $url, $protocols, 'display' ); |
| 2194 | function esc_url( $url, $protocols = null, $_context = 'display' ) { |
| 2195 | $original_url = $url; |
| 2196 | |
| 2197 | if ('' == $url) return $url; |
| 2198 | $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url); |
| 2199 | $strip = array('%0d', '%0a', '%0D', '%0A'); |
| 2200 | $url = _deep_replace($strip, $url); |
| 2201 | $url = str_replace(';//', '://', $url); |
| 2202 | /* If the URL doesn't appear to contain a scheme, we |
| 2203 | * presume it needs http:// appended (unless a relative |
| 2204 | * link starting with / or a php file). |
| 2205 | */ |
| 2206 | if ( strpos($url, ':') === false && |
| 2207 | substr( $url, 0, 1 ) != '/' && substr( $url, 0, 1 ) != '#' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) ) |
| 2208 | $url = 'http://' . $url; |
| 2209 | |
| 2210 | // Replace ampersands and single quotes only when displaying. |
| 2211 | if ( 'display' == $_context ) { |
| 2212 | $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url); |
| 2213 | $url = str_replace( "'", ''', $url ); |
| 2214 | } |
| 2215 | |
| 2216 | if ( !is_array($protocols) ) |
| 2217 | $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'); |
| 2218 | if ( wp_kses_bad_protocol( $url, $protocols ) != $url ) |
| 2219 | return ''; |
| 2220 | |
| 2221 | return apply_filters('clean_url', $url, $original_url, $_context); |