
Changeset 11383


Timestamp:
05/18/09 16:00:33 (5 years ago)
Author:
markjaquith
Message:

Deprecate sanitize_url() and clean_url() in favor of esc_url_raw() and esc_url()

Location:
trunk
Files:
45 edited

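--- a/trunk/wp-admin/admin-ajax.php
+++ b/trunk/wp-admin/admin-ajax.php
@@ -133,5 +133,5 @@
     $per_page = (int) @$_POST['_per_page'];
     $page = (int) @$_POST['_page'];
-    $url = clean_url( @$_POST['_url'], null, 'url' );
+    $url = esc_url_raw( @$_POST['_url'] );
     // JS didn't send us everything we need to know. Just die with success message
     if ( !$total || !$per_page || !$page || !$url )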
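Review bot: The new line 135 keeps `@$_POST['_url']`, so a missing key is hidden by error suppression rather than checked; since line 137 already treats an empty `$url` as a bail-out, the lookup can be made explicit with `$url = esc_url_raw( isset( $_POST['_url'] ) ? $_POST['_url'] : '' );` and the `@` dropped. The same suppression survives on the context lines 133-134, which this change does not touch. The enclosing function starts and ends outside the hunk.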
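--- a/trunk/wp-admin/custom-header.php
+++ b/trunk/wp-admin/custom-header.php
@@ -279,5 +279,5 @@
 <p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p>
 
-<div id="headimg" style="background-image: url(<?php clean_url(header_image()) ?>);">
+<div id="headimg" style="background-image: url(<?php esc_url(header_image()) ?>);">
 <h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1>
 <div id="desc"><?php bloginfo('description');?></div>
@@ -355,5 +355,5 @@
             wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
 
-            set_theme_mod('header_image', clean_url($url));
+            set_theme_mod('header_image', esc_url($url));
             do_action('wp_create_file_in_uploads', $file, $id); // For replication
             return $this->finished();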
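Review bot: On the new line 281 the escaped value is never output: there is no `echo`, and header_image() is a template tag that echoes its value itself, so the raw URL reaches the `style` attribute before esc_url() runs and the escaped return value is discarded (the clean_url() call it replaces had the same problem). Use the returning getter and echo the result: `<?php echo esc_url( get_header_image() ); ?>`. In the second hunk, line 357 persists an esc_url() result through set_theme_mod(); esc_url() emits HTML entities such as `&#038;` for output, so the stored value should come from esc_url_raw() and be escaped with esc_url() where it is rendered. Both enclosing blocks start and end outside the hunks.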
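--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -88,8 +88,8 @@
 <?php
 if ( 'publish' == $post->post_status ) {
-    $preview_link = clean_url(get_permalink($post->ID));
+    $preview_link = esc_url(get_permalink($post->ID));
     $preview_button = __('Preview Changes');
 } else {
-    $preview_link = clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
+    $preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
     $preview_button = __('Preview');
 }
@@ -573,5 +573,5 @@
 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
 <?php
 if ( 'draft' != $post->post_status )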
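--- a/trunk/wp-admin/edit-form-comment.php
+++ b/trunk/wp-admin/edit-form-comment.php
@@ -131,5 +131,5 @@
 <input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
 <input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
 <?php wp_original_referer_field(true, 'previous'); ?>
 <input type="hidden" name="noredir" value="1" />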
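--- a/trunk/wp-admin/edit-page-form.php
+++ b/trunk/wp-admin/edit-page-form.php
@@ -82,8 +82,8 @@
 <?php
 if ( 'publish' == $post->post_status ) {
-    $preview_link = clean_url(get_permalink($post->ID));
+    $preview_link = esc_url(get_permalink($post->ID));
     $preview_button = __('Preview Changes');
 } else {
-    $preview_link = clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
+    $preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
     $preview_button = __('Preview');
 }
@@ -421,5 +421,5 @@
 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
 <?php if ( 'draft' != $post->post_status ) wp_original_referer_field(true, 'previous'); ?>
 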
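--- a/trunk/wp-admin/edit.php
+++ b/trunk/wp-admin/edit.php
@@ -252,6 +252,6 @@
 
 <div class="view-switch">
-    <a href="<?php echo clean_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>
-    <a href="<?php echo clean_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>
+    <a href="<?php echo esc_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>
+    <a href="<?php echo esc_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>
 </div>
 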
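--- a/trunk/wp-admin/import/livejournal.php
+++ b/trunk/wp-admin/import/livejournal.php
@@ -187,5 +187,5 @@
                 <input type="submit" class="button-primary" value="<?php esc_attr_e( 'Continue previous import' ) ?>" />
             </p>
-            <p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel &amp; start a new import' ) ?></a></p>
+            <p class="submitbox"><a href="<?php echo esc_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel &amp; start a new import' ) ?></a></p>
             <p>
         <?php else : ?>
@@ -725,5 +725,5 @@
             ?>
             <p><?php _e( 'Please enter your LiveJournal username <em>and</em> password so we can download your posts and comments.' ) ?></p>
-            <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
+            <p><a href="<?php echo esc_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
             <?php
             return false;
@@ -737,5 +737,5 @@
                 ?>
                 <p><?php _e( 'Logging in to LiveJournal failed. Check your username and password and try again.' ) ?></p>
-                <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
+                <p><a href="<?php echo esc_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
                 <?php
                 return false;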
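Review bot: On the new lines 189, 727 and 739 the value of the `_wp_http_referer` query parameter is passed through esc_attr(), which is HTML-attribute escaping, not URL encoding; any `&`, `?` or `=` in $_SERVER['REQUEST_URI'] stays a separator, so the referer splits into extra parameters of the link that esc_url() then escapes as a whole. The query value should be urlencode()d instead, e.g. on line 189 `'&amp;_wp_http_referer=' . urlencode( $_SERVER['REQUEST_URI'] )`, and likewise around the str_replace() on lines 727 and 739. The enclosing methods start and end outside these hunks.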
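--- a/trunk/wp-admin/includes/bookmark.php
+++ b/trunk/wp-admin/includes/bookmark.php
@@ -31,8 +31,8 @@
 
     $_POST['link_url'] = esc_html( $_POST['link_url'] );
-    $_POST['link_url'] = clean_url($_POST['link_url']);
+    $_POST['link_url'] = esc_url($_POST['link_url']);
     $_POST['link_name'] = esc_html( $_POST['link_name'] );
     $_POST['link_image'] = esc_html( $_POST['link_image'] );
-    $_POST['link_rss'] = clean_url($_POST['link_rss']);
+    $_POST['link_rss'] = esc_url($_POST['link_rss']);
     if ( !isset($_POST['link_visible']) || 'N' != $_POST['link_visible'] )
         $_POST['link_visible'] = 'Y';
@@ -55,5 +55,5 @@
 function get_default_link_to_edit() {
     if ( isset( $_GET['linkurl'] ) )
-        $link->link_url = clean_url( $_GET['linkurl']);
+        $link->link_url = esc_url( $_GET['linkurl']);
     else
         $link->link_url = '';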
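Review bot: Lines 33 and 36 write esc_url() output back into `$_POST` values that the surrounding lines appear to be normalising before they are saved (the save itself is outside the hunk), and line 33 runs after the esc_html() on line 32, so an `&` in a link URL is entity-encoded twice before it is stored. For values that are persisted the commit's own esc_url_raw() is the right call, `$_POST['link_url'] = esc_url_raw( $_POST['link_url'] );` and `$_POST['link_rss'] = esc_url_raw( $_POST['link_rss'] );`, with esc_url() applied at output and the esc_html() on line 32 then redundant. In the second hunk, get_default_link_to_edit() assigns `$link->link_url` on line 57 without `$link` having been initialised on lines 55-56, so the object is created implicitly with a notice; add `$link = new stdClass;` before the `if`. That function's body continues outside the hunk.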
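--- a/trunk/wp-admin/includes/class-wp-upgrader.php
+++ b/trunk/wp-admin/includes/class-wp-upgrader.php
@@ -933,5 +933,5 @@
         $template = !empty($theme_info['Template']) ? $theme_info['Template'] : $stylesheet;
 
-        $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(clean_url(get_option('home'))) ) );
+        $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(esc_url(get_option('home'))) ) );
         $activate_link = wp_nonce_url("themes.php?action=activate&amp;template=" . urlencode($template) . "&amp;stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template);
 
@@ -992,5 +992,5 @@
         $template = !empty($theme_info['Template']) ? $theme_info['Template'] : $stylesheet;
 
-        $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(clean_url(get_option('home'))) ) );
+        $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(esc_url(get_option('home'))) ) );
         $activate_link = wp_nonce_url("themes.php?action=activate&amp;template=" . urlencode($template) . "&amp;stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template);
 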
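Review bot: On the new lines 935 and 994 esc_url() is applied to an intermediate value, the home URL, which add_query_arg() then parses and extends and htmlspecialchars() escapes again; any entity esc_url() emits (for example `&#038;` or `&#039;` if the home option contains `&` or a quote) is entity-encoded a second time by the outer call. Escape once, at the output boundary: `$preview_link = esc_url( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit( esc_url_raw( get_option('home') ) ) ) );`, on both lines. The enclosing methods start and end outside the hunks.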
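--- a/trunk/wp-admin/includes/comment.php
+++ b/trunk/wp-admin/includes/comment.php
@@ -90,5 +90,5 @@
     $comment->comment_author = format_to_edit( $comment->comment_author );
     $comment->comment_author_email = format_to_edit( $comment->comment_author_email );
-    $comment->comment_author_url = clean_url($comment->comment_author_url);
+    $comment->comment_author_url = esc_url($comment->comment_author_url);
     $comment->comment_author_url = format_to_edit( $comment->comment_author_url );
 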
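Review bot: On the new line 92 the author URL is escaped for HTML output with esc_url() and then, on line 93, passed through format_to_edit(), which applies its own HTML escaping for the edit form, so an `&` in the URL reaches the field as `&amp;#038;`. Keep the intermediate value raw and let format_to_edit() do the output escaping: `$comment->comment_author_url = esc_url_raw( $comment->comment_author_url );`. The enclosing function starts and ends outside the hunk.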
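--- a/trunk/wp-admin/includes/dashboard.php
+++ b/trunk/wp-admin/includes/dashboard.php
@@ -116,10 +116,10 @@
         if ( isset( $_GET['edit'] ) && $widget_id == $_GET['edit'] ) {
             list($url) = explode( '#', add_query_arg( 'edit', false ), 2 );
-            $widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>';
+            $widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>';
             add_meta_box( $widget_id, $widget_name, '_wp_dashboard_control_callback', 'dashboard', 'normal', 'core' );
             return;
         }
         list($url) = explode( '#', add_query_arg( 'edit', $widget_id ), 2 );
-        $widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>';
+        $widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>';
     }
     $side_widgets = array('dashboard_quick_press', 'dashboard_recent_drafts', 'dashboard_primary', 'dashboard_secondary');
@@ -358,12 +358,12 @@
     if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) {
         $view = get_permalink( $_POST['post_ID'] );
-        $edit = clean_url( get_edit_post_link( $_POST['post_ID'] ) );
+        $edit = esc_url( get_edit_post_link( $_POST['post_ID'] ) );
         if ( 'post-quickpress-publish' == $_POST['action'] ) {
             if ( current_user_can('publish_posts') )
-                printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( $view ), $edit );
+                printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( $view ), $edit );
             else
-                printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );
+                printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit );
         } else {
-            printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );
+            printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit );
             $drafts_query = new WP_Query( array(
                 'post_type' => 'post',
@@ -385,5 +385,5 @@
 ?>
 
-    <form name="post" action="<?php echo clean_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
+    <form name="post" action="<?php echo esc_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
         <h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4>
         <div class="input-text-wrap">
@@ -526,10 +526,10 @@
     $comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
     $comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
-    $comment_link = '<a class="comment-link" href="' . clean_url(get_comment_link()) . '">#</a>';
-
-    $delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
-    $approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
-    $unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
-    $spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+    $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';
+
+    $delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+    $approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
+    $unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
+    $spam_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
 
     $actions = array();
@@ -642,8 +642,8 @@
         $content = '';
         $date = '';
-        $link = clean_url( strip_tags( $item->get_link() ) );
+        $link = esc_url( strip_tags( $item->get_link() ) );
 
         $author = $item->get_author();
-        $site_link = clean_url( strip_tags( $author->get_link() ) );
+        $site_link = esc_url( strip_tags( $author->get_link() ) );
 
         if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) )
@@ -781,5 +781,5 @@
             list($link, $frag) = explode( '#', $item->get_link() );
 
-            $link = clean_url($link);
+            $link = esc_url($link);
             if ( preg_match( '|/([^/]+?)/?$|', $link, $matches ) )
                 $slug = $matches[1];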
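Review bot: In the fourth hunk, line 528 now wraps the comment permalink in esc_url(), but the context line 527 directly above still interpolates `$comment_post_url` into an `href` with no escaping at all; unless that variable is escaped where it is built (outside the hunk) it should get the same treatment, `$comment_post_link = "<a href='" . esc_url( $comment_post_url ) . "'>$comment_post_title</a>";`. The same hunk escapes the four wp_nonce_url() results on lines 530-533, which is fine for output, but a one-line comment such as `// esc_url() on top of wp_nonce_url() is intentional: these go straight into href attributes` would stop a later reader from "simplifying" it. The enclosing functions start and end outside the hunks.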
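--- a/trunk/wp-admin/includes/media.php
+++ b/trunk/wp-admin/includes/media.php
@@ -78,5 +78,5 @@
                 $class = " class='current'";
             $href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false));
-            $link = "<a href='" . clean_url($href) . "'$class>$text</a>";
+            $link = "<a href='" . esc_url($href) . "'$class>$text</a>";
             echo "\t<li id='" . esc_attr("tab-$callback") . "'>$link</li>\n";
         }
@@ -108,5 +108,5 @@
 
     if ( $url )
-        $html = '<a href="' . clean_url($url) . "\"$rel>$html</a>";
+        $html = '<a href="' . esc_url($url) . "\"$rel>$html</a>";
 
     $html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url, $size );
@@ -1746,5 +1746,5 @@
 else
     $class = '';
-$type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>";
+$type_links[] = "<li><a href='" . esc_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>";
 foreach ( $post_mime_types as $mime_type => $label ) {
     $class = '';
@@ -1756,5 +1756,5 @@
         $class = ' class="current"';
 
-    $type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(_n($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';
+    $type_links[] = "<li><a href='" . esc_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(_n($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';
 }
 echo implode(' | </li>', $type_links) . '</li>';
@@ -2060,5 +2060,5 @@
 function media_upload_flash_bypass() {
     echo '<p class="upload-flash-bypass">';
-    printf( __('You are using the Flash uploader.  Problems?  Try the <a href="%s">Browser uploader</a> instead.'), clean_url(add_query_arg('flash', 0)) );
+    printf( __('You are using the Flash uploader.  Problems?  Try the <a href="%s">Browser uploader</a> instead.'), esc_url(add_query_arg('flash', 0)) );
     echo '</p>';
 }
@@ -2075,5 +2075,5 @@
         // the user manually selected the browser uploader, so let them switch back to Flash
         echo ' ';
-        printf( __('Try the <a href="%s">Flash uploader</a> instead.'), clean_url(add_query_arg('flash', 1)) );
+        printf( __('Try the <a href="%s">Flash uploader</a> instead.'), esc_url(add_query_arg('flash', 1)) );
     }
     echo "</p>\n";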
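--- a/trunk/wp-admin/includes/plugin-install.php
+++ b/trunk/wp-admin/includes/plugin-install.php
@@ -139,5 +139,5 @@
     foreach ( (array)$api_tags as $tag )
         $tags[ $tag['name'] ] = (object) array(
-                                'link' => clean_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),
+                                'link' => esc_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),
                                 'name' => $tag['name'],
                                 'id' => sanitize_title_with_dashes($tag['name']),
@@ -274,5 +274,5 @@
         </div>
         <?php
-            $url = clean_url($_SERVER['REQUEST_URI']);
+            $url = esc_url($_SERVER['REQUEST_URI']);
             if ( ! empty($term) )
                 $url = add_query_arg('s', $term, $url);
@@ -428,5 +428,5 @@
         $class = ( $section_name == $section ) ? ' class="current"' : '';
         $href = add_query_arg( array('tab' => $tab, 'section' => $section_name) );
-        $href = clean_url($href);
+        $href = esc_url($href);
         $san_title = esc_attr(sanitize_title_with_dashes($title));
         echo "\t<li><a name='$san_title' target='' href='$href'$class>$title</a></li>\n";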
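Review bot: On the new line 276 `$_SERVER['REQUEST_URI']` is escaped for output with esc_url() and then, on line 278, handed to add_query_arg(), so the URL is parsed and rebuilt after its `&` have already become `&#038;` entities, and the result still has to be escaped wherever it is echoed later (outside the hunk). Keep the intermediate value raw and escape at the output boundary: `$url = esc_url_raw($_SERVER['REQUEST_URI']);` here, with `esc_url( $url )` at the echo. The same order appears on theme-install.php line 377 in this changeset. The enclosing functions start and end outside the hunks.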
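--- a/trunk/wp-admin/includes/post.php
+++ b/trunk/wp-admin/includes/post.php
@@ -334,5 +334,5 @@
         $text       = esc_html( stripslashes( urldecode( $_REQUEST['text'] ) ) );
         $text       = funky_javascript_fix( $text);
-        $popupurl   = clean_url($_REQUEST['popupurl']);
+        $popupurl   = esc_url($_REQUEST['popupurl']);
         $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
     }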
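--- a/trunk/wp-admin/includes/template.php
+++ b/trunk/wp-admin/includes/template.php
@@ -1898,5 +1898,5 @@
             $edit_link = 'profile.php';
         } else {
-            $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) );
+            $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) );
         }
         $edit = "<strong><a href=\"$edit_link\">$user_object->user_login</a></strong><br />";
@@ -2093,8 +2093,8 @@
         $ptime = mysql2date(__('Y/m/d \a\t g:i A'), $comment->comment_date );
 
-    $delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
-    $approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
-    $unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
-    $spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+    $delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+    $approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
+    $unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
+    $spam_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
 
     echo "<tr id='comment-$comment->comment_ID' class='$the_comment_status'>";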
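Review bot: On the new line 1900 the inner esc_url() runs on the request URI before it is urlencode()d into the `wp_http_referer` parameter, so the HTML entities esc_url() emits (`&#038;` for `&`) are percent-encoded into the referer value and survive when it is read back on the other side. The inner call should be the raw variant, `urlencode( esc_url_raw( stripslashes( $_SERVER['REQUEST_URI'] ) ) )`, with the outer esc_url() left as the single output escape. The enclosing function starts and ends outside the hunk.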
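--- a/trunk/wp-admin/includes/theme-install.php
+++ b/trunk/wp-admin/includes/theme-install.php
@@ -310,7 +310,7 @@
     ?>
 <a class='thickbox thickbox-preview screenshot'
-    href='<? echo clean_url($preview_link); ?>'
+    href='<? echo esc_url($preview_link); ?>'
     title='<?php echo esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)); ?>'>
-<img src='<?php echo clean_url($theme->screenshot_url); ?>' width='150' />
+<img src='<?php echo esc_url($theme->screenshot_url); ?>' width='150' />
 </a>
 <h3><?php echo $name ?></h3>
@@ -375,5 +375,5 @@
 <div class="alignleft actions"><?php do_action('install_themes_table_header'); ?></div>
     <?php
-    $url = clean_url($_SERVER['REQUEST_URI']);
+    $url = esc_url($_SERVER['REQUEST_URI']);
     if ( ! empty($term) )
         $url = add_query_arg('s', $term, $url);
@@ -503,5 +503,5 @@
 
 <div class='available-theme'>
-<img src='<?php echo clean_url($api->screenshot_url) ?>' width='300' class="theme-preview-img" />
+<img src='<?php echo esc_url($api->screenshot_url) ?>' width='300' class="theme-preview-img" />
 <h3><?php echo $api->name; ?></h3>
 <p><?php printf(__('by %s'), $api->author); ?></p>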
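Review bot: The new line 312 uses the short open tag `<? echo esc_url($preview_link); ?>` while the neighbouring lines 313-314 use `<?php`; with short_open_tag disabled the tag is emitted literally into the `href` and the preview link is never output. Change it to `href='<?php echo esc_url($preview_link); ?>'`. Line 377 in the second hunk escapes `$_SERVER['REQUEST_URI']` with esc_url() before add_query_arg() extends it on line 379; `$url = esc_url_raw($_SERVER['REQUEST_URI']);` here and esc_url() at the echo keeps the escaping at the output boundary. The enclosing functions start and end outside the hunks.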
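--- a/trunk/wp-admin/includes/update.php
+++ b/trunk/wp-admin/includes/update.php
@@ -160,9 +160,9 @@
     echo '<tr><td colspan="5" class="plugin-update">';
     if ( ! current_user_can('update_plugins') )
-        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version );
+        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a>.'), $plugin_name, esc_url($details_url), esc_attr($plugin_name), $r->new_version );
     else if ( empty($r->package) )
-        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version );
+        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, esc_url($details_url), esc_attr($plugin_name), $r->new_version );
     else
-        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) );
+        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, esc_url($details_url), esc_attr($plugin_name), $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) );
 
     do_action( "in_plugin_update_message-$file", $plugin_data, $r );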
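Review bot: On the new line 166 the `%2$s` argument is wrapped in esc_url() but the `%5$s` argument, the wp_nonce_url() result that becomes the upgrade href, is not; as far as I can tell wp_nonce_url() HTML-escapes its own result in this codebase, so this is an inconsistency rather than an injection, but two hrefs in one format string should be treated alike: `esc_url( wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) )`. `$file` is also concatenated into the query string without urlencode() on that line, which is worth a look if plugin paths can contain `&` or `#`. The enclosing function starts and ends outside the hunk.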
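--- a/trunk/wp-admin/includes/user.php
+++ b/trunk/wp-admin/includes/user.php
@@ -92,5 +92,5 @@
             $user->user_url = '';
         } else {
-            $user->user_url = clean_url( trim( $_POST['url'] ));
+            $user->user_url = esc_url( trim( $_POST['url'] ));
             $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
         }
@@ -373,5 +373,5 @@
     $user->user_login   = esc_attr($user->user_login);
     $user->user_email   = esc_attr($user->user_email);
-    $user->user_url     = clean_url($user->user_url);
+    $user->user_url     = esc_url($user->user_url);
     $user->first_name   = esc_attr($user->first_name);
     $user->last_name    = esc_attr($user->last_name);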
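Review bot: On the new line 94 the submitted URL is escaped for HTML output with esc_url() and kept on `$user->user_url`, which this block appears to be assembling for storage (the write is outside the hunk), so the persisted value carries `&#038;` entities and the scheme check on line 95 runs against that encoded form. A value that is stored should use the raw variant, `$user->user_url = esc_url_raw( trim( $_POST['url'] ));`, leaving esc_url() for the display formatting on line 375 in the second hunk, where it is the right choice alongside the esc_attr() calls around it. The enclosing functions start and end outside the hunks.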
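--- a/trunk/wp-admin/includes/widgets.php
+++ b/trunk/wp-admin/includes/widgets.php
@@ -170,5 +170,5 @@
     <div class="widget-title-action">
         <a class="widget-action hide-if-no-js" href="#available-widgets"></a>
-        <a class="widget-control-edit hide-if-js" href="<?php echo clean_url( add_query_arg( $query_arg ) ); ?>"><span class="edit"><?php _e('Edit'); ?></span><span class="add"><?php _e('Add'); ?></span></a>
+        <a class="widget-control-edit hide-if-js" href="<?php echo esc_url( add_query_arg( $query_arg ) ); ?>"><span class="edit"><?php _e('Edit'); ?></span><span class="add"><?php _e('Add'); ?></span></a>
     </div>
     <div class="widget-title"><h4><?php echo $widget_title ?><span class="in-widget-title"></span></h4></div>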
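--- a/trunk/wp-admin/js/revisions-js.php
+++ b/trunk/wp-admin/js/revisions-js.php
@@ -13,5 +13,5 @@
 }
 
-$j = clean_url( site_url( '/wp-includes/js/jquery/jquery.js' ) );
+$j = esc_url( site_url( '/wp-includes/js/jquery/jquery.js' ) );
 $n = esc_html( $GLOBALS['current_user']->data->display_name );
 $d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) );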
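Review bot: The new line 15 escapes the jQuery URL with esc_url(), which encodes for an HTML attribute context; the file name and the surrounding lines suggest `$j` is written into JavaScript source, where HTML entities are the wrong escaping and any `&#038;` would end up verbatim in the script URL string. If that is the case, escape for the JS context at the point of use instead, e.g. `esc_js( esc_url_raw( site_url( '/wp-includes/js/jquery/jquery.js' ) ) )`. Where `$j` is consumed is outside the hunk, so this is inferred rather than shown.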
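--- a/trunk/wp-admin/media.php
+++ b/trunk/wp-admin/media.php
@@ -85,5 +85,5 @@
 <h2><?php _e( 'Edit Media' ); ?></h2>
 
-<form method="post" action="<?php echo clean_url( remove_query_arg( 'message' ) ); ?>" class="media-upload-form" id="media-single-form">
+<form method="post" action="<?php echo esc_url( remove_query_arg( 'message' ) ); ?>" class="media-upload-form" id="media-single-form">
 <div class="media-single">
 <div id='media-item-<?php echo $att_id; ?>' class='media-item'>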
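--- a/trunk/wp-admin/plugins.php
+++ b/trunk/wp-admin/plugins.php
@@ -135,5 +135,5 @@
                     </ul>
                 <p><?php _e('Are you sure you wish to delete these files?') ?></p>
-                <form method="post" action="<?php echo clean_url($_SERVER['REQUEST_URI']); ?>" style="display:inline;">
+                <form method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>" style="display:inline;">
                     <input type="hidden" name="verify-delete" value="1" />
                     <input type="hidden" name="action" value="delete-selected" />
@@ -145,5 +145,5 @@
                     <input type="submit" name="submit" value="<?php esc_attr_e('Yes, Delete these files') ?>" class="button" />
                 </form>
-                <form method="post" action="<?php echo clean_url(wp_get_referer()); ?>" style="display:inline;">
+                <form method="post" action="<?php echo esc_url(wp_get_referer()); ?>" style="display:inline;">
                     <input type="submit" name="submit" value="<?php esc_attr_e('No, Return me to the plugin list') ?>" class="button" />
                 </form>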
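Review bot: `esc_url(wp_get_referer())` on new line 147 yields an empty form action when no referer is available (wp_get_referer() can return false), and an empty action re-posts to the current confirmation URL rather than returning the user to the plugin list as the button label promises. A fallback keeps the "No" button meaningful: `<?php echo esc_url( wp_get_referer() ? wp_get_referer() : admin_url('plugins.php') ); ?>`. The enclosing conditional and the markup around both forms begin outside the hunk.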
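--- a/trunk/wp-admin/press-this.php
+++ b/trunk/wp-admin/press-this.php
@@ -98,5 +98,5 @@
     $selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';
 }
-$url = isset($_GET['u']) ? clean_url($_GET['u']) : '';
+$url = isset($_GET['u']) ? esc_url($_GET['u']) : '';
 $image = isset($_GET['i']) ? $_GET['i'] : '';
 
@@ -141,5 +141,5 @@
 
         <p class="centered"><input type="hidden" name="this_photo" value="<?php echo esc_attr($image); ?>" id="this_photo" />
-            <a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo esc_attr(__('Click to insert.')); ?>" title="<?php echo esc_attr(__('Click to insert.')); ?>" /></a></p>
+            <a href="#" class="select"><img src="<?php echo esc_url($image); ?>" alt="<?php echo esc_attr(__('Click to insert.')); ?>" title="<?php echo esc_attr(__('Click to insert.')); ?>" /></a></p>
 
         <p id="options"><a href="#" class="select button"><?php _e('Insert Image'); ?></a> <a href="#" class="cancel button"><?php _e('Cancel'); ?></a></p>
@@ -206,5 +206,5 @@
                     else
                         $src = 'http://'.str_replace('//','/', $host['host'].'/'.dirname($host['path']).'/'.$src);
-                $sources[] = clean_url($src);
+                $sources[] = esc_url($src);
             }
             return "'" . implode("','", $sources) . "'";
@@ -223,5 +223,5 @@
                 jQuery.ajax({
                     type: "GET",
-                    url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",
+                    url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
                     cache : false,
                     async : false,
@@ -234,5 +234,5 @@
                 jQuery.ajax({
                     type: "GET",
-                    url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",
+                    url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
                     cache : false,
                     async : false,
@@ -378,5 +378,5 @@
         switch(tab_name) {
             case 'video' :
-                jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo esc_attr($selection); ?>'}, function() {
+                jQuery('#extra_fields').load('<?php echo esc_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo esc_attr($selection); ?>'}, function() {
                     <?php
                     $content = '';
@@ -407,5 +407,5 @@
                     type: "GET",
                     cache : false,
-                    url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",
+                    url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
                     data: "ajax=photo_js&u=<?php echo urlencode($url)?>",
                     dataType : "script",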
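Review bot: `$url` on new line 100 is escaped for HTML display but is then reused as data: line 410 builds an ajax query parameter with `urlencode($url)`, so an `&` in the submitted URL reaches the server as a literal `&#038;` entity rather than a separator. Keep the variable raw with `$url = isset($_GET['u']) ? esc_url_raw($_GET['u']) : '';` and apply `esc_url()` at each HTML output point, the way line 143 already does for the raw `$image` value. The `esc_url($_SERVER['PHP_SELF'])` results on lines 225, 236, 380 and 409 are emitted inside JavaScript string literals; esc_url() is an HTML-attribute escaper, so confirm that its character filtering covers the string terminators of that context, or route the value through a JS-string escape before embedding it.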
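--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -195,5 +195,5 @@
     $template_dir = $themes[$theme_name]['Template Dir'];
     $parent_theme = $themes[$theme_name]['Parent Theme'];
-    $preview_link = clean_url( get_option('home') . '/');
+    $preview_link = esc_url( get_option('home') . '/');
     $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) );
     $preview_text = esc_attr( sprintf( __('Preview of &#8220;%s&#8221;'), $title ) );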
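Review bot: `$preview_link` is escaped twice: `esc_url()` on new line 197 entity-encodes the home URL for display, then line 198 passes that already-encoded string through `add_query_arg()` and `htmlspecialchars()`, which re-encodes the `&` of any entity the first step produced. Escape once, after the query arguments are attached: `$preview_link = esc_url( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), get_option('home') . '/' ) );` and drop the `htmlspecialchars()` call on line 198. The enclosing function begins and ends outside the hunk.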
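--- a/trunk/wp-admin/update-core.php
+++ b/trunk/wp-admin/update-core.php
@@ -45,5 +45,5 @@
     echo '<input name="version" value="'. esc_attr($update->current) .'" type="hidden"/>';
     echo '<input name="locale" value="'. esc_attr($update->locale) .'" type="hidden"/>';
-    echo '<a href="' . clean_url($update->package) . '" class="button">' . $download . '</a>&nbsp;';
+    echo '<a href="' . esc_url($update->package) . '" class="button">' . $download . '</a>&nbsp;';
     if ( 'en_US' != $update->locale )
         if ( !isset( $update->dismissed ) || !$update->dismissed )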
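--- a/trunk/wp-admin/upgrade.php
+++ b/trunk/wp-admin/upgrade.php
@@ -58,5 +58,5 @@
     case 0:
         $goback = stripslashes( wp_get_referer() );
-        $goback = clean_url( $goback, null, 'url' );
+        $goback = esc_url_raw( $goback );
         $goback = urlencode( $goback );
 ?>
@@ -74,5 +74,5 @@
         else {
             $backto = stripslashes( urldecode( $_GET['backto'] ) );
-            $backto = clean_url( $backto, null, 'url' );
+            $backto = esc_urlaw( $backto );
         }
 ?>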
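Review bot: `esc_urlaw()` on new line 76 is a typo for `esc_url_raw()`; as written the `backto` branch aborts with an undefined-function fatal error before the redirect target is cleaned. Change it to `$backto = esc_url_raw( $backto );`, matching line 60. Both values originate in request data (the referer on line 59 and `$_GET['backto']` on line 75) and are consumed outside the hunk, so this path deserves a test that exercises the `backto` parameter.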
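--- a/trunk/wp-admin/user-edit.php
+++ b/trunk/wp-admin/user-edit.php
@@ -121,5 +121,5 @@
 <?php wp_nonce_field('update-user_' . $user_id) ?>
 <?php if ( $wp_http_referer ) : ?>
-    <input type="hidden" name="wp_http_referer" value="<?php echo clean_url($wp_http_referer); ?>" />
+    <input type="hidden" name="wp_http_referer" value="<?php echo esc_url($wp_http_referer); ?>" />
 <?php endif; ?>
 <p>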
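--- a/trunk/wp-comments-post.php
+++ b/trunk/wp-comments-post.php
@@ -82,5 +82,5 @@
     setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
     setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
-    setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
+    setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
 }
 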
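Review bot: The cookie written on new line 84 is storage rather than HTML output, yet it keeps the display-context `esc_url()`, so the stored author URL carries HTML entities instead of the URL itself. The commit draws exactly this storage/display distinction elsewhere (`esc_url_raw()` in upgrade.php and default-filters.php), so `esc_url_raw($comment->comment_author_url)` is the consistent choice here, with `esc_url()` applied where the cookie value is later rendered. How the cookie is read back is outside the hunk, so the double-encoding risk on that path is inferred rather than shown.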
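--- a/trunk/wp-includes/bookmark-template.php
+++ b/trunk/wp-includes/bookmark-template.php
@@ -71,5 +71,5 @@
         $the_link = '#';
         if ( !empty($bookmark->link_url) )
-            $the_link = clean_url($bookmark->link_url);
+            $the_link = esc_url($bookmark->link_url);
 
         $desc = esc_attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));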
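--- a/trunk/wp-includes/category-template.php
+++ b/trunk/wp-includes/category-template.php
@@ -660,5 +660,5 @@
     foreach ( $tags as $key => $tag ) {
         $count = $counts[ $key ];
-        $tag_link = '#' != $tag->link ? clean_url( $tag->link ) : '#';
+        $tag_link = '#' != $tag->link ? esc_url( $tag->link ) : '#';
         $tag_id = isset($tags[ $key ]->id) ? $tags[ $key ]->id : $key;
         $tag_name = $tags[ $key ]->name;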
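--- a/trunk/wp-includes/class.wp-scripts.php
+++ b/trunk/wp-includes/class.wp-scripts.php
@@ -116,5 +116,5 @@
 
         $src = add_query_arg('ver', $ver, $src);
-        $src = clean_url(apply_filters( 'script_loader_src', $src, $handle ));
+        $src = esc_url(apply_filters( 'script_loader_src', $src, $handle ));
 
         if ( $this->do_concat )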
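--- a/trunk/wp-includes/class.wp-styles.php
+++ b/trunk/wp-includes/class.wp-styles.php
@@ -103,5 +103,5 @@
         $src = add_query_arg('ver', $ver, $src);
         $src = apply_filters( 'style_loader_src', $src, $handle );
-        return clean_url( $src );
+        return esc_url( $src );
     }
 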
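--- a/trunk/wp-includes/comment-template.php
+++ b/trunk/wp-includes/comment-template.php
@@ -996,7 +996,7 @@
 
     if ( get_option('comment_registration') && !$user_ID )
-        $link = '<a rel="nofollow" class="comment-reply-login" href="' . clean_url( wp_login_url( get_permalink() ) ) . '">' . $login_text . '</a>';
+        $link = '<a rel="nofollow" class="comment-reply-login" href="' . esc_url( wp_login_url( get_permalink() ) ) . '">' . $login_text . '</a>';
     else
-        $link = "<a rel='nofollow' class='comment-reply-link' href='" . clean_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";
+        $link = "<a rel='nofollow' class='comment-reply-link' href='" . esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";
     return apply_filters('comment_reply_link', $before . $link . $after, $args, $comment, $post);
 }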
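Review bot: New line 1000 places the `esc_url()` result inside a single-quoted `href='…'` attribute while line 998 uses double quotes, and the value is built by `add_query_arg()` from the current request URL; whether the display context of `esc_url()` encodes `'` is not visible on this page, so the single-quoted form is only safe if that is confirmed. If it is not, switch the attribute to double quotes as on line 998, `href=\"" . esc_url( … ) . "#" . $respond_id . "\"`. The same single-quoted `href='` pattern around `esc_url()` appears in functions.php line 2339 and general-template.php lines 1810, 1824, 1838, 1938 and 1940. The enclosing function starts outside the hunk.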
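--- a/trunk/wp-includes/default-filters.php
+++ b/trunk/wp-includes/default-filters.php
@@ -44,5 +44,5 @@
     add_filter($filter, 'strip_tags');
     add_filter($filter, 'trim');
-    add_filter($filter, 'sanitize_url');
+    add_filter($filter, 'esc_url_raw');
     add_filter($filter, 'wp_filter_kses');
 }
@@ -53,5 +53,5 @@
     add_filter($filter, 'strip_tags');
     add_filter($filter, 'trim');
-    add_filter($filter, 'clean_url');
+    add_filter($filter, 'esc_url');
     add_filter($filter, 'wp_filter_kses');
 }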
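--- a/trunk/wp-includes/default-widgets.php
+++ b/trunk/wp-includes/default-widgets.php
@@ -660,5 +660,5 @@
             <ul id="recentcomments"><?php
             if ( $comments ) : foreach ( (array) $comments as $comment) :
-            echo  '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . clean_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
+            echo  '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . esc_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
             endforeach; endif;?></ul>
         <?php echo $after_widget; ?>
@@ -731,5 +731,5 @@
             if ( empty($title) )
                 $title = htmlentities(strip_tags($rss->get_title()));
-            $link = clean_url(strip_tags($rss->get_permalink()));
+            $link = esc_url(strip_tags($rss->get_permalink()));
             while ( stristr($link, 'http') != $link )
                 $link = substr($link, 1);
@@ -740,5 +740,5 @@
 
         $title = apply_filters('widget_title', $title );
-        $url = clean_url(strip_tags($url));
+        $url = esc_url(strip_tags($url));
         $icon = includes_url('images/rss.png');
         if ( $title )
@@ -814,5 +814,5 @@
         while ( stristr($link, 'http') != $link )
             $link = substr($link, 1);
-        $link = clean_url(strip_tags($link));
+        $link = esc_url(strip_tags($link));
         $title = esc_attr(strip_tags($item->get_title()));
         if ( empty($title) )
@@ -880,5 +880,5 @@
     $number = esc_attr( $number );
     $title  = esc_attr( $title );
-    $url    = clean_url( $url );
+    $url    = esc_url( $url );
     $items  = (int) $items;
     if ( $items < 1 || 20 < $items )
@@ -959,5 +959,5 @@
     if ( $items < 1 || 20 < $items )
         $items = 10;
-    $url           = sanitize_url(strip_tags( $widget_rss['url'] ));
+    $url           = esc_url_raw(strip_tags( $widget_rss['url'] ));
     $title         = trim(strip_tags( $widget_rss['title'] ));
     $show_summary  = (int) $widget_rss['show_summary'];
@@ -972,5 +972,5 @@
             $error = $rss->get_error_message();
         } else {
-            $link = clean_url(strip_tags($rss->get_permalink()));
+            $link = esc_url(strip_tags($rss->get_permalink()));
             while ( stristr($link, 'http') != $link )
                 $link = substr($link, 1);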
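--- a/trunk/wp-includes/deprecated.php
+++ b/trunk/wp-includes/deprecated.php
@@ -1002,5 +1002,5 @@
         $the_link = '#';
         if ( !empty($row->link_url) )
-            $the_link = clean_url($row->link_url);
+            $the_link = esc_url($row->link_url);
         $rel = $row->link_rel;
         if ( '' != $rel )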
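--- a/trunk/wp-includes/feed.php
+++ b/trunk/wp-includes/feed.php
@@ -256,5 +256,5 @@
  */
 function comment_link() {
-    echo clean_url( get_comment_link() );
+    echo esc_url( get_comment_link() );
 }
 
@@ -504,5 +504,5 @@
     $host = @parse_url(get_option('home'));
     $host = $host['host'];
-    echo clean_url(
+    echo esc_url(
         'http'
         . ( (isset($_SERVER['https']) && $_SERVER['https'] == 'on') ? 's' : '' ) . '://'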
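Review bot: Line 508, inside the expression that new line 506 now hands to `esc_url()`, reads `$_SERVER['https']`, but PHP exposes that server variable under the upper-case key `HTTPS`, so under a conventional server setup the scheme check presumably never selects `https` and the self link is emitted with the wrong scheme on secure sites. `is_ssl()` states the intent without the key lookup: `. ( is_ssl() ? 's' : '' ) . '://'`. The echo statement continues outside the hunk.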
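--- a/trunk/wp-includes/formatting.php
+++ b/trunk/wp-includes/formatting.php
@@ -1150,5 +1150,5 @@
 function _make_url_clickable_cb($matches) {
     $url = $matches[2];
-    $url = clean_url($url);
+    $url = esc_url($url);
     if ( empty($url) )
         return $matches[0];
@@ -1172,5 +1172,5 @@
     $dest = $matches[2];
     $dest = 'http://' . $dest;
-    $dest = clean_url($dest);
+    $dest = esc_url($dest);
     if ( empty($dest) )
         return $matches[0];
@@ -1989,5 +1989,5 @@
  *
  * A number of characters are removed from the URL. If the URL is for displaying
- * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
+ * (the default behaviour) amperstands are also replaced. The 'esc_url' filter
  * is applied to the returned cleaned URL.
  *
@@ -2033,7 +2033,45 @@
 
 /**
- * Performs clean_url() for database usage.
- *
- * @see clean_url()
+ * Checks and cleans a URL.
+ *
+ * A number of characters are removed from the URL. If the URL is for displaying
+ * (the default behaviour) amperstands are also replaced. The 'esc_url' filter
+ * is applied to the returned cleaned URL.
+ *
+ * @since 2.8.0
+ * @uses esc_url()
+ * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
+ *      via $protocols or the common ones set in the function.
+ *
+ * @param string $url The URL to be cleaned.
+ * @param array $protocols Optional. An array of acceptable protocols.
+ *      Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
+ * @return string The cleaned $url after the 'cleaned_url' filter is applied.
+ */
+function esc_url( $url, $protocols = null ) {
+    return clean_url( $url, $protocols, 'display' );
+}
+
+/**
+ * Performs esc_url() for database usage.
+ *
+ * @see esc_url()
+ * @see esc_url()
+ *
+ * @since 2.8.0
+ *
+ * @param string $url The URL to be cleaned.
+ * @param array $protocols An array of acceptable protocols.
+ * @return string The cleaned URL.
+ */
+function esc_url_raw( $url, $protocols = null ) {
+    return clean_url( $url, $protocols, 'db' );
+}
+
+/**
+ * Performs esc_url() for database or redirect usage.
+ *
+ * @see esc_url()
+ * @deprecated 2.8.0
  *
  * @since 2.3.1
@@ -2281,5 +2319,5 @@
         case 'home':
             $value = stripslashes($value);
-            $value = clean_url($value);
+            $value = esc_url($value);
             break;
         default :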
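Review bot: The `'home'` case on new line 2321 appears to be sanitize_option(), whose result is what gets written to the options table, so the display-context `esc_url()` stores HTML entities (for example `&#038;` in place of `&`) in the site's home URL and every URL later derived from that option inherits them; `$value = esc_url_raw($value);` is the storage form this commit introduces. In the new functions at lines 2051 and 2067, `esc_url()` and `esc_url_raw()` are thin wrappers over `clean_url()` while line 2075 marks `clean_url()` `@deprecated`; the implementation belongs in `esc_url()` with `clean_url()` becoming the deprecated wrapper, otherwise any deprecation notice added to `clean_url()` later fires on every `esc_url()` call. In the docblocks, line 2049 names a `'cleaned_url'` filter while line 2038 names `'esc_url'` (the filter actually applied is not visible here, so only one can be right), line 2059 repeats the `@see esc_url()` of line 2058, and lines 1991 and 2038 spell `ampersands` as `amperstands`.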
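--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -2337,5 +2337,5 @@
     $html = esc_html( wp_explain_nonce( $action ) );
     if ( wp_get_referer() )
-        $html .= "</p><p><a href='" . clean_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
+        $html .= "</p><p><a href='" . esc_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
     elseif ( 'log-out' == $action )
         $html .= "</p><p>" . sprintf( __( "Do you really want to <a href='%s'>log out</a>?"), wp_logout_url() );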
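--- a/trunk/wp-includes/general-template.php
+++ b/trunk/wp-includes/general-template.php
@@ -142,7 +142,7 @@
 function wp_loginout($redirect = '') {
     if ( ! is_user_logged_in() )
-        $link = '<a href="' . clean_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>';
+        $link = '<a href="' . esc_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>';
     else
-        $link = '<a href="' . clean_url( wp_logout_url($redirect) ) . '">' . __('Log out') . '</a>';
+        $link = '<a href="' . esc_url( wp_logout_url($redirect) ) . '">' . __('Log out') . '</a>';
 
     echo apply_filters('loginout', $link);
@@ -690,5 +690,5 @@
     $text = wptexturize($text);
     $title_text = esc_attr($text);
-    $url = clean_url($url);
+    $url = esc_url($url);
 
     if ('link' == $format)
@@ -1808,5 +1808,5 @@
             $link = add_query_arg( $add_args, $link );
         $link .= $add_fragment;
-        $page_links[] = "<a class='prev page-numbers' href='" . clean_url($link) . "'>$prev_text</a>";
+        $page_links[] = "<a class='prev page-numbers' href='" . esc_url($link) . "'>$prev_text</a>";
     endif;
     for ( $n = 1; $n <= $total; $n++ ) :
@@ -1822,5 +1822,5 @@
                     $link = add_query_arg( $add_args, $link );
                 $link .= $add_fragment;
-                $page_links[] = "<a class='page-numbers' href='" . clean_url($link) . "'>$n_display</a>";
+                $page_links[] = "<a class='page-numbers' href='" . esc_url($link) . "'>$n_display</a>";
                 $dots = true;
             elseif ( $dots && !$show_all ) :
@@ -1836,5 +1836,5 @@
             $link = add_query_arg( $add_args, $link );
         $link .= $add_fragment;
-        $page_links[] = "<a class='next page-numbers' href='" . clean_url($link) . "'>$next_text</a>";
+        $page_links[] = "<a class='next page-numbers' href='" . esc_url($link) . "'>$next_text</a>";
     endif;
     switch ( $type ) :
@@ -1936,7 +1936,7 @@
     }
 
-    echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . clean_url( wp_admin_css_uri( $file ) ) . "' type='text/css' />\n", $file );
+    echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( $file ) ) . "' type='text/css' />\n", $file );
     if ( 'rtl' == get_bloginfo( 'text_direction' ) )
-        echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . clean_url( wp_admin_css_uri( "$file-rtl" ) ) . "' type='text/css' />\n", "$file-rtl" );
+        echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( "$file-rtl" ) ) . "' type='text/css' />\n", "$file-rtl" );
 }
 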
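--- a/trunk/wp-includes/link-template.php
+++ b/trunk/wp-includes/link-template.php
@@ -1316,5 +1316,5 @@
  */
 function next_posts( $max_page = 0, $echo = true ) {
-    $output = clean_url( get_next_posts_page_link( $max_page ) );
+    $output = esc_url( get_next_posts_page_link( $max_page ) );
 
     if ( $echo )
@@ -1394,5 +1394,5 @@
  */
 function previous_posts( $echo = true ) {
-    $output = clean_url( get_previous_posts_page_link() );
+    $output = esc_url( get_previous_posts_page_link() );
 
     if ( $echo )
@@ -1551,5 +1551,5 @@
         $label = __('Newer Comments &raquo;');
 
-    return '<a href="' . clean_url( get_comments_pagenum_link( $nextpage, $max_page ) ) . '" ' . apply_filters( 'next_comments_link_attributes', '' ) . '>'. preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', $label) .'</a>';
+    return '<a href="' . esc_url( get_comments_pagenum_link( $nextpage, $max_page ) ) . '" ' . apply_filters( 'next_comments_link_attributes', '' ) . '>'. preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', $label) .'</a>';
 }
 
@@ -1588,5 +1588,5 @@
         $label = __('&laquo; Older Comments');
 
-    return '<a href="' . clean_url( get_comments_pagenum_link( $prevpage ) ) . '" ' . apply_filters( 'previous_comments_link_attributes', '' ) . '>' . preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', $label) .'</a>';
+    return '<a href="' . esc_url( get_comments_pagenum_link( $prevpage ) ) . '" ' . apply_filters( 'previous_comments_link_attributes', '' ) . '>' . preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', $label) .'</a>';
 }
 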
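--- a/trunk/wp-includes/rss.php
+++ b/trunk/wp-includes/rss.php
@@ -873,5 +873,5 @@
             printf(
                 '<li><a href="%1$s" title="%2$s">%3$s</a></li>',
-                clean_url( $item['link'] ),
+                esc_url( $item['link'] ),
                 esc_attr( strip_tags( $item['description'] ) ),
                 htmlentities( $item['title'] )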
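--- a/trunk/wp-includes/theme.php
+++ b/trunk/wp-includes/theme.php
@@ -186,5 +186,5 @@
 
     if ( preg_match( '|Theme URI:(.*)$|mi', $theme_data, $theme_uri ) )
-        $theme_uri = clean_url( _cleanup_header_comment($theme_uri[1]) );
+        $theme_uri = esc_url( _cleanup_header_comment($theme_uri[1]) );
     else
         $theme_uri = '';
@@ -196,5 +196,5 @@
 
     if ( preg_match( '|Author URI:(.*)$|mi', $theme_data, $author_uri ) )
-        $author_uri = clean_url( _cleanup_header_comment($author_uri[1]) );
+        $author_uri = esc_url( _cleanup_header_comment($author_uri[1]) );
     else
         $author_uri = '';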
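--- a/trunk/wp-includes/update.php
+++ b/trunk/wp-includes/update.php
@@ -68,7 +68,7 @@
         $new_option->response = esc_attr( $returns[0] );
         if ( isset( $returns[1] ) )
-            $new_option->url = clean_url( $returns[1] );
+            $new_option->url = esc_url( $returns[1] );
         if ( isset( $returns[2] ) )
-            $new_option->package = clean_url( $returns[2] );
+            $new_option->package = esc_url( $returns[2] );
         if ( isset( $returns[3] ) )
             $new_option->current = esc_attr( $returns[3] );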
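Review bot: `$new_option->url` and `$new_option->package` on new lines 70 and 72 are values being assembled for storage (the object is presumably saved as an option outside the hunk), and update-core.php line 47 already re-escapes `$update->package` with `esc_url()` at the point of output, so keeping the display form here stores HTML entities in a package URL that is later fetched for download. Use `esc_url_raw( $returns[1] )` and `esc_url_raw( $returns[2] )` here and leave the `esc_url()` at the output site. The enclosing function begins and ends outside the hunk.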
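--- a/trunk/wp-includes/version.php
+++ b/trunk/wp-includes/version.php
@@ -16,5 +16,5 @@
  * @global int $wp_db_version
  */
-$wp_db_version = 10850;
+$wp_db_version = 10851;
 
 ?>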