Changeset 11383
- Timestamp:
- 05/18/2009 04:00:33 PM (15 years ago)
- Location:
- trunk
- Files:
-
- 45 edited
trunk/wp-admin/admin-ajax.php
r11380 r11383 133 133 $per_page = (int) @$_POST['_per_page']; 134 134 $page = (int) @$_POST['_page']; 135 $url = clean_url( @$_POST['_url'], null, 'url');135 $url = esc_url_raw( @$_POST['_url'] ); 136 136 // JS didn't send us everything we need to know. Just die with success message 137 137 if ( !$total || !$per_page || !$page || !$url ) -
trunk/wp-admin/custom-header.php
r11204 r11383 279 279 <p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p> 280 280 281 <div id="headimg" style="background-image: url(<?php clean_url(header_image()) ?>);">281 <div id="headimg" style="background-image: url(<?php esc_url(header_image()) ?>);"> 282 282 <h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1> 283 283 <div id="desc"><?php bloginfo('description');?></div> … … 355 355 wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) ); 356 356 357 set_theme_mod('header_image', clean_url($url));357 set_theme_mod('header_image', esc_url($url)); 358 358 do_action('wp_create_file_in_uploads', $file, $id); // For replication 359 359 return $this->finished(); -
trunk/wp-admin/edit-form-advanced.php
r11380 r11383 88 88 <?php 89 89 if ( 'publish' == $post->post_status ) { 90 $preview_link = clean_url(get_permalink($post->ID));90 $preview_link = esc_url(get_permalink($post->ID)); 91 91 $preview_button = __('Preview Changes'); 92 92 } else { 93 $preview_link = clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));93 $preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); 94 94 $preview_button = __('Preview'); 95 95 } … … 573 573 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" /> 574 574 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" /> 575 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />575 <input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" /> 576 576 <?php 577 577 if ( 'draft' != $post->post_status ) -
trunk/wp-admin/edit-form-comment.php
r11245 r11383 131 131 <input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" /> 132 132 <input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" /> 133 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />133 <input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" /> 134 134 <?php wp_original_referer_field(true, 'previous'); ?> 135 135 <input type="hidden" name="noredir" value="1" /> -
trunk/wp-admin/edit-page-form.php
r11380 r11383 82 82 <?php 83 83 if ( 'publish' == $post->post_status ) { 84 $preview_link = clean_url(get_permalink($post->ID));84 $preview_link = esc_url(get_permalink($post->ID)); 85 85 $preview_button = __('Preview Changes'); 86 86 } else { 87 $preview_link = clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));87 $preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); 88 88 $preview_button = __('Preview'); 89 89 } … … 421 421 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" /> 422 422 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" /> 423 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />423 <input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" /> 424 424 <?php if ( 'draft' != $post->post_status ) wp_original_referer_field(true, 'previous'); ?> 425 425 -
trunk/wp-admin/edit.php
r11380 r11383 252 252 253 253 <div class="view-switch"> 254 <a href="<?php echo clean_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>255 <a href="<?php echo clean_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>254 <a href="<?php echo esc_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a> 255 <a href="<?php echo esc_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a> 256 256 </div> 257 257 -
trunk/wp-admin/import/livejournal.php
r11204 r11383 187 187 <input type="submit" class="button-primary" value="<?php esc_attr_e( 'Continue previous import' ) ?>" /> 188 188 </p> 189 <p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . esc_attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel & start a new import' ) ?></a></p>189 <p class="submitbox"><a href="<?php echo esc_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . esc_attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel & start a new import' ) ?></a></p> 190 190 <p> 191 191 <?php else : ?> … … 725 725 ?> 726 726 <p><?php _e( 'Please enter your LiveJournal username <em>and</em> password so we can download your posts and comments.' ) ?></p> 727 <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>727 <p><a href="<?php echo esc_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p> 728 728 <?php 729 729 return false; … … 737 737 ?> 738 738 <p><?php _e( 'Logging in to LiveJournal failed. Check your username and password and try again.' ) ?></p> 739 <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>739 <p><a href="<?php echo esc_url($_SERVER['PHP_SELF'] . 
'?import=livejournal&step=-1&_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p> 740 740 <?php 741 741 return false; -
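Review bot: Inside the href on lines 189, 727 and 739 the `_wp_http_referer` query value is built with `esc_attr( $_SERVER['REQUEST_URI'] )` and only the whole string is then passed to esc_url; esc_attr does not percent-encode, so an `&` in REQUEST_URI (the importer's own step/nonce parameters) splits the referer into extra parameters. The value is a query-string component and wants `urlencode( $_SERVER['REQUEST_URI'] )` in place of the esc_attr call; the outer esc_url still covers the attribute context. This predates the commit, but the commit rewrites all three lines, so it is the moment to fix it.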
trunk/wp-admin/includes/bookmark.php
r11380 r11383 31 31 32 32 $_POST['link_url'] = esc_html( $_POST['link_url'] ); 33 $_POST['link_url'] = clean_url($_POST['link_url']);33 $_POST['link_url'] = esc_url($_POST['link_url']); 34 34 $_POST['link_name'] = esc_html( $_POST['link_name'] ); 35 35 $_POST['link_image'] = esc_html( $_POST['link_image'] ); 36 $_POST['link_rss'] = clean_url($_POST['link_rss']);36 $_POST['link_rss'] = esc_url($_POST['link_rss']); 37 37 if ( !isset($_POST['link_visible']) || 'N' != $_POST['link_visible'] ) 38 38 $_POST['link_visible'] = 'Y'; … … 55 55 function get_default_link_to_edit() { 56 56 if ( isset( $_GET['linkurl'] ) ) 57 $link->link_url = clean_url( $_GET['linkurl']);57 $link->link_url = esc_url( $_GET['linkurl']); 58 58 else 59 59 $link->link_url = ''; -
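Review bot: In get_default_link_to_edit (line 55), line 57 writes `$link->link_url` without `$link` being initialised in the visible lines; if nothing above declares it, PHP creates a stdClass implicitly with a notice, so `$link = new stdClass;` before the isset check would make the intent explicit. Separately, lines 32–33 apply esc_html and then esc_url to the same `link_url` value; the two escape for different contexts and the second rewrites what the first produced, so one of them looks redundant, though the intended storage format cannot be confirmed from this hunk. The function continues past the hunk.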
trunk/wp-admin/includes/class-wp-upgrader.php
r11295 r11383 933 933 $template = !empty($theme_info['Template']) ? $theme_info['Template'] : $stylesheet; 934 934 935 $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit( clean_url(get_option('home'))) ) );935 $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(esc_url(get_option('home'))) ) ); 936 936 $activate_link = wp_nonce_url("themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template); 937 937 … … 992 992 $template = !empty($theme_info['Template']) ? $theme_info['Template'] : $stylesheet; 993 993 994 $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit( clean_url(get_option('home'))) ) );994 $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(esc_url(get_option('home'))) ) ); 995 995 $activate_link = wp_nonce_url("themes.php?action=activate&template=" . urlencode($template) . "&stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template); 996 996 -
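Review bot: On lines 935 and 994 the inner `esc_url(get_option('home'))` is only an intermediate base URL handed to add_query_arg, whose result is then run through htmlspecialchars; if esc_url keeps clean_url's display behaviour of entity-encoding ampersands (the changeset's own `clean_url(…, null, 'url')` → `esc_url_raw` mapping suggests it does), any `&` in the home URL is encoded twice. The raw-context helper is the matching choice here: `trailingslashit( esc_url_raw( get_option('home') ) )`. The same pattern appears in themes.php line 197 (`esc_url( get_option('home') . '/')` followed by htmlspecialchars) and in the inner `urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) )` on includes/template.php line 1900, where the value is percent-encoded into a query parameter rather than displayed. The enclosing methods start and end outside the hunks.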
trunk/wp-admin/includes/comment.php
r10821 r11383 90 90 $comment->comment_author = format_to_edit( $comment->comment_author ); 91 91 $comment->comment_author_email = format_to_edit( $comment->comment_author_email ); 92 $comment->comment_author_url = clean_url($comment->comment_author_url);92 $comment->comment_author_url = esc_url($comment->comment_author_url); 93 93 $comment->comment_author_url = format_to_edit( $comment->comment_author_url ); 94 94 -
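Review bot: Line 92 entity-escapes the author URL with esc_url and line 93 then passes the result through format_to_edit; if format_to_edit HTML-escapes its input as its neighbours on lines 90–91 imply, an `&` in the URL reaches the edit form double-encoded. Using the raw variant on line 92, `$comment->comment_author_url = esc_url_raw($comment->comment_author_url);`, and letting format_to_edit do the single HTML escape keeps the form value round-trippable. The enclosing function starts outside the hunk.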
trunk/wp-admin/includes/dashboard.php
r11380 r11383 116 116 if ( isset( $_GET['edit'] ) && $widget_id == $_GET['edit'] ) { 117 117 list($url) = explode( '#', add_query_arg( 'edit', false ), 2 ); 118 $widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>';118 $widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>'; 119 119 add_meta_box( $widget_id, $widget_name, '_wp_dashboard_control_callback', 'dashboard', 'normal', 'core' ); 120 120 return; 121 121 } 122 122 list($url) = explode( '#', add_query_arg( 'edit', $widget_id ), 2 ); 123 $widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>';123 $widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>'; 124 124 } 125 125 $side_widgets = array('dashboard_quick_press', 'dashboard_recent_drafts', 'dashboard_primary', 'dashboard_secondary'); … … 358 358 if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) { 359 359 $view = get_permalink( $_POST['post_ID'] ); 360 $edit = clean_url( get_edit_post_link( $_POST['post_ID'] ) );360 $edit = esc_url( get_edit_post_link( $_POST['post_ID'] ) ); 361 361 if ( 'post-quickpress-publish' == $_POST['action'] ) { 362 362 if ( current_user_can('publish_posts') ) 363 printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( $view ), $edit );363 printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( $view ), $edit ); 364 364 else 365 printf( '<div class="message"><p>' . __( 'Post submitted. 
<a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );365 printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit ); 366 366 } else { 367 printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );367 printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit ); 368 368 $drafts_query = new WP_Query( array( 369 369 'post_type' => 'post', … … 385 385 ?> 386 386 387 <form name="post" action="<?php echo clean_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">387 <form name="post" action="<?php echo esc_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press"> 388 388 <h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4> 389 389 <div class="input-text-wrap"> … … 526 526 $comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID )); 527 527 $comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>"; 528 $comment_link = '<a class="comment-link" href="' . clean_url(get_comment_link()) . 
'">#</a>';529 530 $delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );531 $approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );532 $unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );533 $spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );528 $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>'; 529 530 $delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) ); 531 $approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) ); 532 $unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) ); 533 $spam_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) ); 534 534 535 535 $actions = array(); … … 642 642 $content = ''; 643 643 $date = ''; 644 $link = clean_url( strip_tags( $item->get_link() ) );644 $link = esc_url( strip_tags( $item->get_link() ) ); 645 645 646 646 $author = $item->get_author(); 647 $site_link = clean_url( strip_tags( $author->get_link() ) );647 $site_link = esc_url( strip_tags( $author->get_link() ) ); 648 648 649 649 if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) ) … … 781 781 list($link, 
$frag) = explode( '#', $item->get_link() ); 782 782 783 $link = clean_url($link);783 $link = esc_url($link); 784 784 if ( preg_match( '|/([^/]+?)/?$|', $link, $matches ) ) 785 785 $slug = $matches[1]; -
trunk/wp-admin/includes/media.php
r11380 r11383 78 78 $class = " class='current'"; 79 79 $href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false)); 80 $link = "<a href='" . clean_url($href) . "'$class>$text</a>";80 $link = "<a href='" . esc_url($href) . "'$class>$text</a>"; 81 81 echo "\t<li id='" . esc_attr("tab-$callback") . "'>$link</li>\n"; 82 82 } … … 108 108 109 109 if ( $url ) 110 $html = '<a href="' . clean_url($url) . "\"$rel>$html</a>";110 $html = '<a href="' . esc_url($url) . "\"$rel>$html</a>"; 111 111 112 112 $html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url, $size ); … … 1746 1746 else 1747 1747 $class = ''; 1748 $type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>";1748 $type_links[] = "<li><a href='" . esc_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>"; 1749 1749 foreach ( $post_mime_types as $mime_type => $label ) { 1750 1750 $class = ''; … … 1756 1756 $class = ' class="current"'; 1757 1757 1758 $type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(_n($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';1758 $type_links[] = "<li><a href='" . esc_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(_n($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>'; 1759 1759 } 1760 1760 echo implode(' | </li>', $type_links) . '</li>'; … … 2060 2060 function media_upload_flash_bypass() { 2061 2061 echo '<p class="upload-flash-bypass">'; 2062 printf( __('You are using the Flash uploader. Problems? 
Try the <a href="%s">Browser uploader</a> instead.'), clean_url(add_query_arg('flash', 0)) );2062 printf( __('You are using the Flash uploader. Problems? Try the <a href="%s">Browser uploader</a> instead.'), esc_url(add_query_arg('flash', 0)) ); 2063 2063 echo '</p>'; 2064 2064 } … … 2075 2075 // the user manually selected the browser uploader, so let them switch back to Flash 2076 2076 echo ' '; 2077 printf( __('Try the <a href="%s">Flash uploader</a> instead.'), clean_url(add_query_arg('flash', 1)) );2077 printf( __('Try the <a href="%s">Flash uploader</a> instead.'), esc_url(add_query_arg('flash', 1)) ); 2078 2078 } 2079 2079 echo "</p>\n"; -
trunk/wp-admin/includes/plugin-install.php
r11362 r11383 139 139 foreach ( (array)$api_tags as $tag ) 140 140 $tags[ $tag['name'] ] = (object) array( 141 'link' => clean_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),141 'link' => esc_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ), 142 142 'name' => $tag['name'], 143 143 'id' => sanitize_title_with_dashes($tag['name']), … … 274 274 </div> 275 275 <?php 276 $url = clean_url($_SERVER['REQUEST_URI']);276 $url = esc_url($_SERVER['REQUEST_URI']); 277 277 if ( ! empty($term) ) 278 278 $url = add_query_arg('s', $term, $url); … … 428 428 $class = ( $section_name == $section ) ? ' class="current"' : ''; 429 429 $href = add_query_arg( array('tab' => $tab, 'section' => $section_name) ); 430 $href = clean_url($href);430 $href = esc_url($href); 431 431 $san_title = esc_attr(sanitize_title_with_dashes($title)); 432 432 echo "\t<li><a name='$san_title' target='' href='$href'$class>$title</a></li>\n"; -
trunk/wp-admin/includes/post.php
r11380 r11383 334 334 $text = esc_html( stripslashes( urldecode( $_REQUEST['text'] ) ) ); 335 335 $text = funky_javascript_fix( $text); 336 $popupurl = clean_url($_REQUEST['popupurl']);336 $popupurl = esc_url($_REQUEST['popupurl']); 337 337 $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text"; 338 338 } -
trunk/wp-admin/includes/template.php
r11380 r11383 1898 1898 $edit_link = 'profile.php'; 1899 1899 } else { 1900 $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) );1900 $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) ); 1901 1901 } 1902 1902 $edit = "<strong><a href=\"$edit_link\">$user_object->user_login</a></strong><br />"; … … 2093 2093 $ptime = mysql2date(__('Y/m/d \a\t g:i A'), $comment->comment_date ); 2094 2094 2095 $delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );2096 $approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );2097 $unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );2098 $spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );2095 $delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) ); 2096 $approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) ); 2097 $unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) ); 2098 $spam_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) ); 2099 2099 2100 2100 echo "<tr id='comment-$comment->comment_ID' 
class='$the_comment_status'>"; -
trunk/wp-admin/includes/theme-install.php
r11380 r11383 310 310 ?> 311 311 <a class='thickbox thickbox-preview screenshot' 312 href='<? echo clean_url($preview_link); ?>'312 href='<? echo esc_url($preview_link); ?>' 313 313 title='<?php echo esc_attr(sprintf(__('Preview “%s”'), $name)); ?>'> 314 <img src='<?php echo clean_url($theme->screenshot_url); ?>' width='150' />314 <img src='<?php echo esc_url($theme->screenshot_url); ?>' width='150' /> 315 315 </a> 316 316 <h3><?php echo $name ?></h3> … … 375 375 <div class="alignleft actions"><?php do_action('install_themes_table_header'); ?></div> 376 376 <?php 377 $url = clean_url($_SERVER['REQUEST_URI']);377 $url = esc_url($_SERVER['REQUEST_URI']); 378 378 if ( ! empty($term) ) 379 379 $url = add_query_arg('s', $term, $url); … … 503 503 504 504 <div class='available-theme'> 505 <img src='<?php echo clean_url($api->screenshot_url) ?>' width='300' class="theme-preview-img" />505 <img src='<?php echo esc_url($api->screenshot_url) ?>' width='300' class="theme-preview-img" /> 506 506 <h3><?php echo $api->name; ?></h3> 507 507 <p><?php printf(__('by %s'), $api->author); ?></p> -
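Review bot: Line 312 still uses the short open tag `<? echo esc_url($preview_link); ?>` while the neighbouring lines use `<?php`; with short_open_tag disabled the tag is emitted verbatim into the href, so the preview link is neither escaped nor rendered. Since the commit already edits this line, change it to `href='<?php echo esc_url($preview_link); ?>'`. The enclosing function starts and ends outside the hunk.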
trunk/wp-admin/includes/update.php
r11376 r11383 160 160 echo '<tr><td colspan="5" class="plugin-update">'; 161 161 if ( ! current_user_can('update_plugins') ) 162 printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version );162 printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a>.'), $plugin_name, esc_url($details_url), esc_attr($plugin_name), $r->new_version ); 163 163 else if ( empty($r->package) ) 164 printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version );164 printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, esc_url($details_url), esc_attr($plugin_name), $r->new_version ); 165 165 else 166 printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) );166 printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, esc_url($details_url), esc_attr($plugin_name), $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) ); 167 167 168 168 do_action( "in_plugin_update_message-$file", $plugin_data, $r ); -
trunk/wp-admin/includes/user.php
r11380 r11383 92 92 $user->user_url = ''; 93 93 } else { 94 $user->user_url = clean_url( trim( $_POST['url'] ));94 $user->user_url = esc_url( trim( $_POST['url'] )); 95 95 $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 96 96 } … … 373 373 $user->user_login = esc_attr($user->user_login); 374 374 $user->user_email = esc_attr($user->user_email); 375 $user->user_url = clean_url($user->user_url);375 $user->user_url = esc_url($user->user_url); 376 376 $user->first_name = esc_attr($user->first_name); 377 377 $user->last_name = esc_attr($user->last_name); -
trunk/wp-admin/includes/widgets.php
r11380 r11383 170 170 <div class="widget-title-action"> 171 171 <a class="widget-action hide-if-no-js" href="#available-widgets"></a> 172 <a class="widget-control-edit hide-if-js" href="<?php echo clean_url( add_query_arg( $query_arg ) ); ?>"><span class="edit"><?php _e('Edit'); ?></span><span class="add"><?php _e('Add'); ?></span></a>172 <a class="widget-control-edit hide-if-js" href="<?php echo esc_url( add_query_arg( $query_arg ) ); ?>"><span class="edit"><?php _e('Edit'); ?></span><span class="add"><?php _e('Add'); ?></span></a> 173 173 </div> 174 174 <div class="widget-title"><h4><?php echo $widget_title ?><span class="in-widget-title"></span></h4></div> -
trunk/wp-admin/js/revisions-js.php
r11380 r11383 13 13 } 14 14 15 $j = clean_url( site_url( '/wp-includes/js/jquery/jquery.js' ) );15 $j = esc_url( site_url( '/wp-includes/js/jquery/jquery.js' ) ); 16 16 $n = esc_html( $GLOBALS['current_user']->data->display_name ); 17 17 $d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) ); -
trunk/wp-admin/media.php
r11294 r11383 85 85 <h2><?php _e( 'Edit Media' ); ?></h2> 86 86 87 <form method="post" action="<?php echo clean_url( remove_query_arg( 'message' ) ); ?>" class="media-upload-form" id="media-single-form">87 <form method="post" action="<?php echo esc_url( remove_query_arg( 'message' ) ); ?>" class="media-upload-form" id="media-single-form"> 88 88 <div class="media-single"> 89 89 <div id='media-item-<?php echo $att_id; ?>' class='media-item'> -
trunk/wp-admin/plugins.php
r11380 r11383 135 135 </ul> 136 136 <p><?php _e('Are you sure you wish to delete these files?') ?></p> 137 <form method="post" action="<?php echo clean_url($_SERVER['REQUEST_URI']); ?>" style="display:inline;">137 <form method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>" style="display:inline;"> 138 138 <input type="hidden" name="verify-delete" value="1" /> 139 139 <input type="hidden" name="action" value="delete-selected" /> … … 145 145 <input type="submit" name="submit" value="<?php esc_attr_e('Yes, Delete these files') ?>" class="button" /> 146 146 </form> 147 <form method="post" action="<?php echo clean_url(wp_get_referer()); ?>" style="display:inline;">147 <form method="post" action="<?php echo esc_url(wp_get_referer()); ?>" style="display:inline;"> 148 148 <input type="submit" name="submit" value="<?php esc_attr_e('No, Return me to the plugin list') ?>" class="button" /> 149 149 </form> -
trunk/wp-admin/press-this.php
r11380 r11383 98 98 $selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>'; 99 99 } 100 $url = isset($_GET['u']) ? clean_url($_GET['u']) : '';100 $url = isset($_GET['u']) ? esc_url($_GET['u']) : ''; 101 101 $image = isset($_GET['i']) ? $_GET['i'] : ''; 102 102 … … 141 141 142 142 <p class="centered"><input type="hidden" name="this_photo" value="<?php echo esc_attr($image); ?>" id="this_photo" /> 143 <a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo esc_attr(__('Click to insert.')); ?>" title="<?php echo esc_attr(__('Click to insert.')); ?>" /></a></p>143 <a href="#" class="select"><img src="<?php echo esc_url($image); ?>" alt="<?php echo esc_attr(__('Click to insert.')); ?>" title="<?php echo esc_attr(__('Click to insert.')); ?>" /></a></p> 144 144 145 145 <p id="options"><a href="#" class="select button"><?php _e('Insert Image'); ?></a> <a href="#" class="cancel button"><?php _e('Cancel'); ?></a></p> … … 206 206 else 207 207 $src = 'http://'.str_replace('//','/', $host['host'].'/'.dirname($host['path']).'/'.$src); 208 $sources[] = clean_url($src);208 $sources[] = esc_url($src); 209 209 } 210 210 return "'" . implode("','", $sources) . 
"'"; … … 223 223 jQuery.ajax({ 224 224 type: "GET", 225 url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",225 url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>", 226 226 cache : false, 227 227 async : false, … … 234 234 jQuery.ajax({ 235 235 type: "GET", 236 url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",236 url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>", 237 237 cache : false, 238 238 async : false, … … 378 378 switch(tab_name) { 379 379 case 'video' : 380 jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo esc_attr($selection); ?>'}, function() {380 jQuery('#extra_fields').load('<?php echo esc_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo esc_attr($selection); ?>'}, function() { 381 381 <?php 382 382 $content = ''; … … 407 407 type: "GET", 408 408 cache : false, 409 url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",409 url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>", 410 410 data: "ajax=photo_js&u=<?php echo urlencode($url)?>", 411 411 dataType : "script", -
trunk/wp-admin/themes.php
r11380 r11383 195 195 $template_dir = $themes[$theme_name]['Template Dir']; 196 196 $parent_theme = $themes[$theme_name]['Parent Theme']; 197 $preview_link = clean_url( get_option('home') . '/');197 $preview_link = esc_url( get_option('home') . '/'); 198 198 $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) ); 199 199 $preview_text = esc_attr( sprintf( __('Preview of “%s”'), $title ) ); -
trunk/wp-admin/update-core.php
r11273 r11383 45 45 echo '<input name="version" value="'. esc_attr($update->current) .'" type="hidden"/>'; 46 46 echo '<input name="locale" value="'. esc_attr($update->locale) .'" type="hidden"/>'; 47 echo '<a href="' . clean_url($update->package) . '" class="button">' . $download . '</a> ';47 echo '<a href="' . esc_url($update->package) . '" class="button">' . $download . '</a> '; 48 48 if ( 'en_US' != $update->locale ) 49 49 if ( !isset( $update->dismissed ) || !$update->dismissed ) -
trunk/wp-admin/upgrade.php
r11189 r11383 58 58 case 0: 59 59 $goback = stripslashes( wp_get_referer() ); 60 $goback = clean_url( $goback, null, 'url');60 $goback = esc_url_raw( $goback ); 61 61 $goback = urlencode( $goback ); 62 62 ?> … … 74 74 else { 75 75 $backto = stripslashes( urldecode( $_GET['backto'] ) ); 76 $backto = clean_url( $backto, null, 'url');76 $backto = esc_urlaw( $backto ); 77 77 } 78 78 ?> -
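Review bot: `esc_urlaw( $backto )` at new line 76 is not a function this changeset defines (formatting.php adds esc_url() and esc_url_raw()), so the `backto` branch would fail with an undefined-function error the first time `$_GET['backto']` is present; it should read `$backto = esc_url_raw( $backto );`, matching the `$goback` line at 60. Because `$backto` originates in the query string and appears to be used as a navigation target afterwards, losing this call would also drop the protocol filtering on that path. The enclosing switch continues outside the hunk.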
trunk/wp-admin/user-edit.php
r11380 r11383 121 121 <?php wp_nonce_field('update-user_' . $user_id) ?> 122 122 <?php if ( $wp_http_referer ) : ?> 123 <input type="hidden" name="wp_http_referer" value="<?php echo clean_url($wp_http_referer); ?>" />123 <input type="hidden" name="wp_http_referer" value="<?php echo esc_url($wp_http_referer); ?>" /> 124 124 <?php endif; ?> 125 125 <p> -
trunk/wp-comments-post.php
r11248 r11383 82 82 setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN); 83 83 setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN); 84 setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);84 setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN); 85 85 } 86 86 -
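Review bot: esc_url() at new line 84 is the display-context variant (the formatting.php docblock in this changeset says ampersands are replaced when the URL is for displaying), but the value is written into a cookie rather than into HTML, so a URL containing `&` would be stored with entities and then escaped a second time wherever it is later echoed; `esc_url_raw( $comment->comment_author_url )` matches the storage context. This is the same raw/display distinction the changeset applies in admin-ajax.php and upgrade.php. The surrounding block begins outside the hunk.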
trunk/wp-includes/bookmark-template.php
r11204 r11383 71 71 $the_link = '#'; 72 72 if ( !empty($bookmark->link_url) ) 73 $the_link = clean_url($bookmark->link_url);73 $the_link = esc_url($bookmark->link_url); 74 74 75 75 $desc = esc_attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display')); -
trunk/wp-includes/category-template.php
r11324 r11383 660 660 foreach ( $tags as $key => $tag ) { 661 661 $count = $counts[ $key ]; 662 $tag_link = '#' != $tag->link ? clean_url( $tag->link ) : '#';662 $tag_link = '#' != $tag->link ? esc_url( $tag->link ) : '#'; 663 663 $tag_id = isset($tags[ $key ]->id) ? $tags[ $key ]->id : $key; 664 664 $tag_name = $tags[ $key ]->name; -
trunk/wp-includes/class.wp-scripts.php
r11245 r11383 116 116 117 117 $src = add_query_arg('ver', $ver, $src); 118 $src = clean_url(apply_filters( 'script_loader_src', $src, $handle ));118 $src = esc_url(apply_filters( 'script_loader_src', $src, $handle )); 119 119 120 120 if ( $this->do_concat ) -
trunk/wp-includes/class.wp-styles.php
r11219 r11383 103 103 $src = add_query_arg('ver', $ver, $src); 104 104 $src = apply_filters( 'style_loader_src', $src, $handle ); 105 return clean_url( $src );105 return esc_url( $src ); 106 106 } 107 107 -
trunk/wp-includes/comment-template.php
r11380 r11383 996 996 997 997 if ( get_option('comment_registration') && !$user_ID ) 998 $link = '<a rel="nofollow" class="comment-reply-login" href="' . clean_url( wp_login_url( get_permalink() ) ) . '">' . $login_text . '</a>';998 $link = '<a rel="nofollow" class="comment-reply-login" href="' . esc_url( wp_login_url( get_permalink() ) ) . '">' . $login_text . '</a>'; 999 999 else 1000 $link = "<a rel='nofollow' class='comment-reply-link' href='" . clean_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";1000 $link = "<a rel='nofollow' class='comment-reply-link' href='" . esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>"; 1001 1001 return apply_filters('comment_reply_link', $before . $link . $after, $args, $comment, $post); 1002 1002 } -
trunk/wp-includes/default-filters.php
r11380 r11383 44 44 add_filter($filter, 'strip_tags'); 45 45 add_filter($filter, 'trim'); 46 add_filter($filter, ' sanitize_url');46 add_filter($filter, 'esc_url_raw'); 47 47 add_filter($filter, 'wp_filter_kses'); 48 48 } … … 53 53 add_filter($filter, 'strip_tags'); 54 54 add_filter($filter, 'trim'); 55 add_filter($filter, ' clean_url');55 add_filter($filter, 'esc_url'); 56 56 add_filter($filter, 'wp_filter_kses'); 57 57 } -
trunk/wp-includes/default-widgets.php
r11380 r11383 660 660 <ul id="recentcomments"><?php 661 661 if ( $comments ) : foreach ( (array) $comments as $comment) : 662 echo '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . clean_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';662 echo '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . esc_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>'; 663 663 endforeach; endif;?></ul> 664 664 <?php echo $after_widget; ?> … … 731 731 if ( empty($title) ) 732 732 $title = htmlentities(strip_tags($rss->get_title())); 733 $link = clean_url(strip_tags($rss->get_permalink()));733 $link = esc_url(strip_tags($rss->get_permalink())); 734 734 while ( stristr($link, 'http') != $link ) 735 735 $link = substr($link, 1); … … 740 740 741 741 $title = apply_filters('widget_title', $title ); 742 $url = clean_url(strip_tags($url));742 $url = esc_url(strip_tags($url)); 743 743 $icon = includes_url('images/rss.png'); 744 744 if ( $title ) … … 814 814 while ( stristr($link, 'http') != $link ) 815 815 $link = substr($link, 1); 816 $link = clean_url(strip_tags($link));816 $link = esc_url(strip_tags($link)); 817 817 $title = esc_attr(strip_tags($item->get_title())); 818 818 if ( empty($title) ) … … 880 880 $number = esc_attr( $number ); 881 881 $title = esc_attr( $title ); 882 $url = clean_url( $url );882 $url = esc_url( $url ); 883 883 $items = (int) $items; 884 884 if ( $items < 1 || 20 < $items ) … … 959 959 if ( $items < 1 || 20 < $items ) 960 960 $items = 10; 961 $url = sanitize_url(strip_tags( $widget_rss['url'] ));961 $url = esc_url_raw(strip_tags( $widget_rss['url'] )); 962 962 $title = 
trim(strip_tags( $widget_rss['title'] )); 963 963 $show_summary = (int) $widget_rss['show_summary']; … … 972 972 $error = $rss->get_error_message(); 973 973 } else { 974 $link = clean_url(strip_tags($rss->get_permalink()));974 $link = esc_url(strip_tags($rss->get_permalink())); 975 975 while ( stristr($link, 'http') != $link ) 976 976 $link = substr($link, 1); -
trunk/wp-includes/deprecated.php
r11269 r11383 1002 1002 $the_link = '#'; 1003 1003 if ( !empty($row->link_url) ) 1004 $the_link = clean_url($row->link_url);1004 $the_link = esc_url($row->link_url); 1005 1005 $rel = $row->link_rel; 1006 1006 if ( '' != $rel ) -
trunk/wp-includes/feed.php
r11380 r11383 256 256 */ 257 257 function comment_link() { 258 echo clean_url( get_comment_link() );258 echo esc_url( get_comment_link() ); 259 259 } 260 260 … … 504 504 $host = @parse_url(get_option('home')); 505 505 $host = $host['host']; 506 echo clean_url(506 echo esc_url( 507 507 'http' 508 508 . ( (isset($_SERVER['https']) && $_SERVER['https'] == 'on') ? 's' : '' ) . '://' -
trunk/wp-includes/formatting.php
r11380 r11383 1150 1150 function _make_url_clickable_cb($matches) { 1151 1151 $url = $matches[2]; 1152 $url = clean_url($url);1152 $url = esc_url($url); 1153 1153 if ( empty($url) ) 1154 1154 return $matches[0]; … … 1172 1172 $dest = $matches[2]; 1173 1173 $dest = 'http://' . $dest; 1174 $dest = clean_url($dest);1174 $dest = esc_url($dest); 1175 1175 if ( empty($dest) ) 1176 1176 return $matches[0]; … … 1989 1989 * 1990 1990 * A number of characters are removed from the URL. If the URL is for displaying 1991 * (the default behaviour) amperstands are also replaced. The ' clean_url' filter1991 * (the default behaviour) amperstands are also replaced. The 'esc_url' filter 1992 1992 * is applied to the returned cleaned URL. 1993 1993 * … … 2033 2033 2034 2034 /** 2035 * Performs clean_url() for database usage. 2036 * 2037 * @see clean_url() 2035 * Checks and cleans a URL. 2036 * 2037 * A number of characters are removed from the URL. If the URL is for displaying 2038 * (the default behaviour) amperstands are also replaced. The 'esc_url' filter 2039 * is applied to the returned cleaned URL. 2040 * 2041 * @since 2.8.0 2042 * @uses esc_url() 2043 * @uses wp_kses_bad_protocol() To only permit protocols in the URL set 2044 * via $protocols or the common ones set in the function. 2045 * 2046 * @param string $url The URL to be cleaned. 2047 * @param array $protocols Optional. An array of acceptable protocols. 2048 * Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set. 2049 * @return string The cleaned $url after the 'cleaned_url' filter is applied. 2050 */ 2051 function esc_url( $url, $protocols = null ) { 2052 return clean_url( $url, $protocols, 'display' ); 2053 } 2054 2055 /** 2056 * Performs esc_url() for database usage. 2057 * 2058 * @see esc_url() 2059 * @see esc_url() 2060 * 2061 * @since 2.8.0 2062 * 2063 * @param string $url The URL to be cleaned. 
2064 * @param array $protocols An array of acceptable protocols. 2065 * @return string The cleaned URL. 2066 */ 2067 function esc_url_raw( $url, $protocols = null ) { 2068 return clean_url( $url, $protocols, 'db' ); 2069 } 2070 2071 /** 2072 * Performs esc_url() for database or redirect usage. 2073 * 2074 * @see esc_url() 2075 * @deprecated 2.8.0 2038 2076 * 2039 2077 * @since 2.3.1 … … 2281 2319 case 'home': 2282 2320 $value = stripslashes($value); 2283 $value = clean_url($value);2321 $value = esc_url($value); 2284 2322 break; 2285 2323 default : -
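Review bot: The new esc_url_raw() docblock (new lines 2056-2066) repeats `@see esc_url()` twice, and the esc_url() docblock names two different hooks — 'esc_url' in the description and 'cleaned_url' in `@return` — while both wrappers delegate to clean_url(), whose actual apply_filters() name is not visible in this hunk; drop the duplicate `@see` and use the hook name clean_url() really applies in both places. Since clean_url() is now tagged `@deprecated 2.8.0` yet remains the implementation both new functions call, a short comment such as `// clean_url() stays as the implementation; callers should use esc_url() / esc_url_raw()` above esc_url() would make that intent explicit. The `@param array $protocols` entry for esc_url_raw() could also say it is optional and defaults to the same list as esc_url(), as the esc_url() docblock already does.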
trunk/wp-includes/functions.php
r11380 r11383 2337 2337 $html = esc_html( wp_explain_nonce( $action ) ); 2338 2338 if ( wp_get_referer() ) 2339 $html .= "</p><p><a href='" . clean_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";2339 $html .= "</p><p><a href='" . esc_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>"; 2340 2340 elseif ( 'log-out' == $action ) 2341 2341 $html .= "</p><p>" . sprintf( __( "Do you really want to <a href='%s'>log out</a>?"), wp_logout_url() ); -
trunk/wp-includes/general-template.php
r11380 r11383 142 142 function wp_loginout($redirect = '') { 143 143 if ( ! is_user_logged_in() ) 144 $link = '<a href="' . clean_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>';144 $link = '<a href="' . esc_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>'; 145 145 else 146 $link = '<a href="' . clean_url( wp_logout_url($redirect) ) . '">' . __('Log out') . '</a>';146 $link = '<a href="' . esc_url( wp_logout_url($redirect) ) . '">' . __('Log out') . '</a>'; 147 147 148 148 echo apply_filters('loginout', $link); … … 690 690 $text = wptexturize($text); 691 691 $title_text = esc_attr($text); 692 $url = clean_url($url);692 $url = esc_url($url); 693 693 694 694 if ('link' == $format) … … 1808 1808 $link = add_query_arg( $add_args, $link ); 1809 1809 $link .= $add_fragment; 1810 $page_links[] = "<a class='prev page-numbers' href='" . clean_url($link) . "'>$prev_text</a>";1810 $page_links[] = "<a class='prev page-numbers' href='" . esc_url($link) . "'>$prev_text</a>"; 1811 1811 endif; 1812 1812 for ( $n = 1; $n <= $total; $n++ ) : … … 1822 1822 $link = add_query_arg( $add_args, $link ); 1823 1823 $link .= $add_fragment; 1824 $page_links[] = "<a class='page-numbers' href='" . clean_url($link) . "'>$n_display</a>";1824 $page_links[] = "<a class='page-numbers' href='" . esc_url($link) . "'>$n_display</a>"; 1825 1825 $dots = true; 1826 1826 elseif ( $dots && !$show_all ) : … … 1836 1836 $link = add_query_arg( $add_args, $link ); 1837 1837 $link .= $add_fragment; 1838 $page_links[] = "<a class='next page-numbers' href='" . clean_url($link) . "'>$next_text</a>";1838 $page_links[] = "<a class='next page-numbers' href='" . esc_url($link) . "'>$next_text</a>"; 1839 1839 endif; 1840 1840 switch ( $type ) : … … 1936 1936 } 1937 1937 1938 echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . clean_url( wp_admin_css_uri( $file ) ) . "' type='text/css' />\n", $file );1938 echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . 
esc_url( wp_admin_css_uri( $file ) ) . "' type='text/css' />\n", $file ); 1939 1939 if ( 'rtl' == get_bloginfo( 'text_direction' ) ) 1940 echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . clean_url( wp_admin_css_uri( "$file-rtl" ) ) . "' type='text/css' />\n", "$file-rtl" );1940 echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( "$file-rtl" ) ) . "' type='text/css' />\n", "$file-rtl" ); 1941 1941 } 1942 1942 -
trunk/wp-includes/link-template.php
r11364 r11383 1316 1316 */ 1317 1317 function next_posts( $max_page = 0, $echo = true ) { 1318 $output = clean_url( get_next_posts_page_link( $max_page ) );1318 $output = esc_url( get_next_posts_page_link( $max_page ) ); 1319 1319 1320 1320 if ( $echo ) … … 1394 1394 */ 1395 1395 function previous_posts( $echo = true ) { 1396 $output = clean_url( get_previous_posts_page_link() );1396 $output = esc_url( get_previous_posts_page_link() ); 1397 1397 1398 1398 if ( $echo ) … … 1551 1551 $label = __('Newer Comments »'); 1552 1552 1553 return '<a href="' . clean_url( get_comments_pagenum_link( $nextpage, $max_page ) ) . '" ' . apply_filters( 'next_comments_link_attributes', '' ) . '>'. preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>';1553 return '<a href="' . esc_url( get_comments_pagenum_link( $nextpage, $max_page ) ) . '" ' . apply_filters( 'next_comments_link_attributes', '' ) . '>'. preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>'; 1554 1554 } 1555 1555 … … 1588 1588 $label = __('« Older Comments'); 1589 1589 1590 return '<a href="' . clean_url( get_comments_pagenum_link( $prevpage ) ) . '" ' . apply_filters( 'previous_comments_link_attributes', '' ) . '>' . preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>';1590 return '<a href="' . esc_url( get_comments_pagenum_link( $prevpage ) ) . '" ' . apply_filters( 'previous_comments_link_attributes', '' ) . '>' . preg_replace('/&([^#])(?![a-z]{1,8};)/', '&$1', $label) .'</a>'; 1591 1591 } 1592 1592 -
trunk/wp-includes/rss.php
r11204 r11383 873 873 printf( 874 874 '<li><a href="%1$s" title="%2$s">%3$s</a></li>', 875 clean_url( $item['link'] ),875 esc_url( $item['link'] ), 876 876 esc_attr( strip_tags( $item['description'] ) ), 877 877 htmlentities( $item['title'] ) -
trunk/wp-includes/theme.php
r11204 r11383 186 186 187 187 if ( preg_match( '|Theme URI:(.*)$|mi', $theme_data, $theme_uri ) ) 188 $theme_uri = clean_url( _cleanup_header_comment($theme_uri[1]) );188 $theme_uri = esc_url( _cleanup_header_comment($theme_uri[1]) ); 189 189 else 190 190 $theme_uri = ''; … … 196 196 197 197 if ( preg_match( '|Author URI:(.*)$|mi', $theme_data, $author_uri ) ) 198 $author_uri = clean_url( _cleanup_header_comment($author_uri[1]) );198 $author_uri = esc_url( _cleanup_header_comment($author_uri[1]) ); 199 199 else 200 200 $author_uri = ''; -
trunk/wp-includes/update.php
r11209 r11383 68 68 $new_option->response = esc_attr( $returns[0] ); 69 69 if ( isset( $returns[1] ) ) 70 $new_option->url = clean_url( $returns[1] );70 $new_option->url = esc_url( $returns[1] ); 71 71 if ( isset( $returns[2] ) ) 72 $new_option->package = clean_url( $returns[2] );72 $new_option->package = esc_url( $returns[2] ); 73 73 if ( isset( $returns[3] ) ) 74 74 $new_option->current = esc_attr( $returns[3] ); -
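Review bot: The values stored into `$new_option->url` and `$new_option->package` at new lines 70 and 72 are persisted, and update-core.php in this same changeset runs `$update->package` through esc_url() again on output, so using the display variant here double-escapes any `&` in the stored URL; `esc_url_raw( $returns[1] )` and `esc_url_raw( $returns[2] )` fit a value that is stored rather than echoed. Sanitizing these fields is the right step since they come from a remote response — only the context variant is off. The enclosing function continues outside the hunk.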
trunk/wp-includes/version.php
r11381 r11383 16 16 * @global int $wp_db_version 17 17 */ 18 $wp_db_version = 1085 0;18 $wp_db_version = 10851; 19 19 20 20 ?>