
Changeset 11383


Timestamp:
05/18/2009 04:00:33 PM (15 years ago)
Author:
markjaquith
Message:

Deprecate sanitize_url() and clean_url() in favor of esc_url_raw() and esc_url()

Location:
trunk
Files:
45 edited

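--- a/trunk/wp-admin/admin-ajax.php
+++ b/trunk/wp-admin/admin-ajax.php
@@ -133,5 +133,5 @@
     $per_page = (int) @$_POST['_per_page'];
     $page = (int) @$_POST['_page'];
-    $url = clean_url( @$_POST['_url'], null, 'url' );
+    $url = esc_url_raw( @$_POST['_url'] );
     // JS didn't send us everything we need to know. Just die with success message
     if ( !$total || !$per_page || !$page || !$url )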
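Review bot: The `@` on `@$_POST['_url']` at line 135 still suppresses the undefined-index notice instead of handling the missing key, and the rewritten line keeps it. Since `$url` is consumed server-side (the `!$url` check on the next line) rather than printed, `esc_url_raw` is the right escaper here, but the read should be explicit: `$url = isset( $_POST['_url'] ) ? esc_url_raw( $_POST['_url'] ) : '';`. The two context lines above use the same `@` pattern but are outside this commit's change.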
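--- a/trunk/wp-admin/custom-header.php
+++ b/trunk/wp-admin/custom-header.php
@@ -279,5 +279,5 @@
 <p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p>
 
-<div id="headimg" style="background-image: url(<?php clean_url(header_image()) ?>);">
+<div id="headimg" style="background-image: url(<?php esc_url(header_image()) ?>);">
 <h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1>
 <div id="desc"><?php bloginfo('description');?></div>
@@ -355,5 +355,5 @@
             wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
 
-            set_theme_mod('header_image', clean_url($url));
+            set_theme_mod('header_image', esc_url($url));
             do_action('wp_create_file_in_uploads', $file, $id); // For replication
             return $this->finished();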
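Review bot: Line 281 calls `esc_url(header_image())` without `echo`, so nothing is emitted inside `url(...)` and the style attribute carries an empty URL (assuming header_image() returns its value rather than printing it, which the hunk does not show); the rewritten line should read `<div id="headimg" style="background-image: url(<?php echo esc_url(header_image()) ?>);">`. In the second hunk, line 357 persists the result of `esc_url($url)` through `set_theme_mod`; esc_url is the display-context escaper this commit introduces and entity-encodes `&` and `'`, so a stored value should use `esc_url_raw($url)` and be run through esc_url only where it is output. The method containing line 357 starts and ends outside the hunk.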
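--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -88,8 +88,8 @@
 <?php
 if ( 'publish' == $post->post_status ) {
-    $preview_link = clean_url(get_permalink($post->ID));
+    $preview_link = esc_url(get_permalink($post->ID));
     $preview_button = __('Preview Changes');
 } else {
-    $preview_link = clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
+    $preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
     $preview_button = __('Preview');
 }
@@ -573,5 +573,5 @@
 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
 <?php
 if ( 'draft' != $post->post_status )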
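--- a/trunk/wp-admin/edit-form-comment.php
+++ b/trunk/wp-admin/edit-form-comment.php
@@ -131,5 +131,5 @@
 <input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
 <input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
 <?php wp_original_referer_field(true, 'previous'); ?>
 <input type="hidden" name="noredir" value="1" />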
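--- a/trunk/wp-admin/edit-page-form.php
+++ b/trunk/wp-admin/edit-page-form.php
@@ -82,8 +82,8 @@
 <?php
 if ( 'publish' == $post->post_status ) {
-    $preview_link = clean_url(get_permalink($post->ID));
+    $preview_link = esc_url(get_permalink($post->ID));
     $preview_button = __('Preview Changes');
 } else {
-    $preview_link = clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
+    $preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
     $preview_button = __('Preview');
 }
@@ -421,5 +421,5 @@
 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
 <?php if ( 'draft' != $post->post_status ) wp_original_referer_field(true, 'previous'); ?>
 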
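--- a/trunk/wp-admin/edit.php
+++ b/trunk/wp-admin/edit.php
@@ -252,6 +252,6 @@
 
 <div class="view-switch">
-    <a href="<?php echo clean_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>
-    <a href="<?php echo clean_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>
+    <a href="<?php echo esc_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>
+    <a href="<?php echo esc_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>
 </div>
 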
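--- a/trunk/wp-admin/import/livejournal.php
+++ b/trunk/wp-admin/import/livejournal.php
@@ -187,5 +187,5 @@
                 <input type="submit" class="button-primary" value="<?php esc_attr_e( 'Continue previous import' ) ?>" />
             </p>
-            <p class="submitbox"><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel &amp; start a new import' ) ?></a></p>
+            <p class="submitbox"><a href="<?php echo esc_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( $_SERVER['REQUEST_URI'] )) ?>" class="deletion submitdelete"><?php _e( 'Cancel &amp; start a new import' ) ?></a></p>
             <p>
         <?php else : ?>
@@ -725,5 +725,5 @@
             ?>
             <p><?php _e( 'Please enter your LiveJournal username <em>and</em> password so we can download your posts and comments.' ) ?></p>
-            <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
+            <p><a href="<?php echo esc_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
             <?php
             return false;
@@ -737,5 +737,5 @@
                 ?>
                 <p><?php _e( 'Logging in to LiveJournal failed. Check your username and password and try again.' ) ?></p>
-                <p><a href="<?php echo clean_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
+                <p><a href="<?php echo esc_url($_SERVER['PHP_SELF'] . '?import=livejournal&amp;step=-1&amp;_wpnonce=' . wp_create_nonce( 'lj-api-import' ) . '&amp;_wp_http_referer=' . esc_attr( str_replace( '&step=1', '', $_SERVER['REQUEST_URI'] ) ) ) ?>"><?php _e( 'Start again' ) ?></a></p>
                 <?php
                 return false;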
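Review bot: Lines 189, 727 and 739 build the `_wp_http_referer` query value with `esc_attr( $_SERVER['REQUEST_URI'] )` and then pass the whole string through `esc_url`; a query-string value needs `urlencode`/`rawurlencode`, not HTML-attribute escaping, and the attribute entities produced by esc_attr are then escaped a second time by esc_url. Replacing the inner call with `urlencode( $_SERVER['REQUEST_URI'] )` (or assembling the link with `add_query_arg` and `wp_nonce_url`) leaves one escaping step in the right context. The `&amp;` separators hard-coded inside the PHP string also appear to be re-encoded by esc_url, which is harmless but redundant; the enclosing functions start and end outside these hunks.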
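--- a/trunk/wp-admin/includes/bookmark.php
+++ b/trunk/wp-admin/includes/bookmark.php
@@ -31,8 +31,8 @@
 
     $_POST['link_url'] = esc_html( $_POST['link_url'] );
-    $_POST['link_url'] = clean_url($_POST['link_url']);
+    $_POST['link_url'] = esc_url($_POST['link_url']);
     $_POST['link_name'] = esc_html( $_POST['link_name'] );
     $_POST['link_image'] = esc_html( $_POST['link_image'] );
-    $_POST['link_rss'] = clean_url($_POST['link_rss']);
+    $_POST['link_rss'] = esc_url($_POST['link_rss']);
     if ( !isset($_POST['link_visible']) || 'N' != $_POST['link_visible'] )
         $_POST['link_visible'] = 'Y';
@@ -55,5 +55,5 @@
 function get_default_link_to_edit() {
     if ( isset( $_GET['linkurl'] ) )
-        $link->link_url = clean_url( $_GET['linkurl']);
+        $link->link_url = esc_url( $_GET['linkurl']);
     else
         $link->link_url = '';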
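Review bot: Lines 33 and 36 write `esc_url(...)` back into `$_POST`, values the surrounding block appears to be normalising for storage rather than for output, so `esc_url_raw` is the variant this commit's own naming intends there; `esc_url` entity-encodes `&` and `'`, and those entities would be persisted and escaped again on display. Line 33 additionally applies esc_url on top of the `esc_html` from line 32, double-encoding any ampersand in the URL; `$_POST['link_url'] = esc_url_raw($_POST['link_url']);` without the preceding esc_html avoids that. Whether these values are escaped again when later rendered is not visible in the hunk, and the function containing lines 31-38 starts outside it.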
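--- a/trunk/wp-admin/includes/class-wp-upgrader.php
+++ b/trunk/wp-admin/includes/class-wp-upgrader.php
@@ -933,5 +933,5 @@
         $template = !empty($theme_info['Template']) ? $theme_info['Template'] : $stylesheet;
 
-        $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(clean_url(get_option('home'))) ) );
+        $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(esc_url(get_option('home'))) ) );
         $activate_link = wp_nonce_url("themes.php?action=activate&amp;template=" . urlencode($template) . "&amp;stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template);
 
@@ -992,5 +992,5 @@
         $template = !empty($theme_info['Template']) ? $theme_info['Template'] : $stylesheet;
 
-        $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(clean_url(get_option('home'))) ) );
+        $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), trailingslashit(esc_url(get_option('home'))) ) );
         $activate_link = wp_nonce_url("themes.php?action=activate&amp;template=" . urlencode($template) . "&amp;stylesheet=" . urlencode($stylesheet), 'switch-theme_' . $template);
 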
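Review bot: At lines 935 and 994 the new `esc_url(get_option('home'))` result is fed into `add_query_arg` and then through `htmlspecialchars`, so any `&` or `'` in the home URL is entity-encoded twice (`&#038;` becomes `&amp;#038;`) and `add_query_arg` parses an already-encoded query string. The inner call should be the raw variant, `trailingslashit(esc_url_raw(get_option('home')))`, leaving the outer `htmlspecialchars` (or a single `esc_url` around the whole expression) as the only output escaping. Both hunks need the same change; the methods containing them start and end outside the hunks.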
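--- a/trunk/wp-admin/includes/comment.php
+++ b/trunk/wp-admin/includes/comment.php
@@ -90,5 +90,5 @@
     $comment->comment_author = format_to_edit( $comment->comment_author );
     $comment->comment_author_email = format_to_edit( $comment->comment_author_email );
-    $comment->comment_author_url = clean_url($comment->comment_author_url);
+    $comment->comment_author_url = esc_url($comment->comment_author_url);
     $comment->comment_author_url = format_to_edit( $comment->comment_author_url );
 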
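Review bot: Line 92 escapes `comment_author_url` with `esc_url` and line 93 immediately passes the result through `format_to_edit`; if format_to_edit HTML-escapes as its name suggests (not visible here), the `&#038;` that esc_url emits becomes `&amp;#038;` in the edit form. Using `esc_url_raw($comment->comment_author_url)` at line 92 keeps the URL sanitised without pre-encoding it for display, leaving format_to_edit as the single escaping step. The enclosing function starts and ends outside the hunk.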
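--- a/trunk/wp-admin/includes/dashboard.php
+++ b/trunk/wp-admin/includes/dashboard.php
@@ -116,10 +116,10 @@
         if ( isset( $_GET['edit'] ) && $widget_id == $_GET['edit'] ) {
             list($url) = explode( '#', add_query_arg( 'edit', false ), 2 );
-            $widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>';
+            $widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>';
             add_meta_box( $widget_id, $widget_name, '_wp_dashboard_control_callback', 'dashboard', 'normal', 'core' );
             return;
         }
         list($url) = explode( '#', add_query_arg( 'edit', $widget_id ), 2 );
-        $widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>';
+        $widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>';
     }
     $side_widgets = array('dashboard_quick_press', 'dashboard_recent_drafts', 'dashboard_primary', 'dashboard_secondary');
@@ -358,12 +358,12 @@
     if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) {
         $view = get_permalink( $_POST['post_ID'] );
-        $edit = clean_url( get_edit_post_link( $_POST['post_ID'] ) );
+        $edit = esc_url( get_edit_post_link( $_POST['post_ID'] ) );
         if ( 'post-quickpress-publish' == $_POST['action'] ) {
             if ( current_user_can('publish_posts') )
-                printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( $view ), $edit );
+                printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( $view ), $edit );
             else
-                printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );
+                printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit );
         } else {
-            printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );
+            printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit );
             $drafts_query = new WP_Query( array(
                 'post_type' => 'post',
@@ -385,5 +385,5 @@
 ?>
 
-    <form name="post" action="<?php echo clean_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
+    <form name="post" action="<?php echo esc_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
         <h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4>
         <div class="input-text-wrap">
@@ -526,10 +526,10 @@
     $comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
     $comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
-    $comment_link = '<a class="comment-link" href="' . clean_url(get_comment_link()) . '">#</a>';
-
-    $delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
-    $approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
-    $unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
-    $spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+    $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';
+
+    $delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+    $approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
+    $unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
+    $spam_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
 
     $actions = array();
@@ -642,8 +642,8 @@
         $content = '';
         $date = '';
-        $link = clean_url( strip_tags( $item->get_link() ) );
+        $link = esc_url( strip_tags( $item->get_link() ) );
 
         $author = $item->get_author();
-        $site_link = clean_url( strip_tags( $author->get_link() ) );
+        $site_link = esc_url( strip_tags( $author->get_link() ) );
 
         if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) )
@@ -781,5 +781,5 @@
             list($link, $frag) = explode( '#', $item->get_link() );
 
-            $link = clean_url($link);
+            $link = esc_url($link);
             if ( preg_match( '|/([^/]+?)/?$|', $link, $matches ) )
                 $slug = $matches[1];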
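Review bot: In the last hunk, line 783 assigns `esc_url($link)` and line 784 then runs a regex over the escaped string to extract `$slug`, so a final path segment containing `&` or `'` yields a slug carrying `&#038;`/`&#039;` entities. Matching against `esc_url_raw($link)` and applying `esc_url` only where `$link` is printed keeps the slug clean; how `$slug` is consumed afterwards is outside the hunk. Lines 644 and 647 escape feed-supplied links at assignment time, which is fine as long as those variables are only ever interpolated into HTML attributes, which this hunk does not show.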
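--- a/trunk/wp-admin/includes/media.php
+++ b/trunk/wp-admin/includes/media.php
@@ -78,5 +78,5 @@
                 $class = " class='current'";
             $href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false));
-            $link = "<a href='" . clean_url($href) . "'$class>$text</a>";
+            $link = "<a href='" . esc_url($href) . "'$class>$text</a>";
             echo "\t<li id='" . esc_attr("tab-$callback") . "'>$link</li>\n";
         }
@@ -108,5 +108,5 @@
 
     if ( $url )
-        $html = '<a href="' . clean_url($url) . "\"$rel>$html</a>";
+        $html = '<a href="' . esc_url($url) . "\"$rel>$html</a>";
 
     $html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url, $size );
@@ -1746,5 +1746,5 @@
 else
     $class = '';
-$type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>";
+$type_links[] = "<li><a href='" . esc_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>";
 foreach ( $post_mime_types as $mime_type => $label ) {
     $class = '';
@@ -1756,5 +1756,5 @@
         $class = ' class="current"';
 
-    $type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(_n($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';
+    $type_links[] = "<li><a href='" . esc_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(_n($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';
 }
 echo implode(' | </li>', $type_links) . '</li>';
@@ -2060,5 +2060,5 @@
 function media_upload_flash_bypass() {
     echo '<p class="upload-flash-bypass">';
-    printf( __('You are using the Flash uploader.  Problems?  Try the <a href="%s">Browser uploader</a> instead.'), clean_url(add_query_arg('flash', 0)) );
+    printf( __('You are using the Flash uploader.  Problems?  Try the <a href="%s">Browser uploader</a> instead.'), esc_url(add_query_arg('flash', 0)) );
     echo '</p>';
 }
@@ -2075,5 +2075,5 @@
         // the user manually selected the browser uploader, so let them switch back to Flash
         echo ' ';
-        printf( __('Try the <a href="%s">Flash uploader</a> instead.'), clean_url(add_query_arg('flash', 1)) );
+        printf( __('Try the <a href="%s">Flash uploader</a> instead.'), esc_url(add_query_arg('flash', 1)) );
     }
     echo "</p>\n";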
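--- a/trunk/wp-admin/includes/plugin-install.php
+++ b/trunk/wp-admin/includes/plugin-install.php
@@ -139,5 +139,5 @@
     foreach ( (array)$api_tags as $tag )
         $tags[ $tag['name'] ] = (object) array(
-                                'link' => clean_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),
+                                'link' => esc_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),
                                 'name' => $tag['name'],
                                 'id' => sanitize_title_with_dashes($tag['name']),
@@ -274,5 +274,5 @@
         </div>
         <?php
-            $url = clean_url($_SERVER['REQUEST_URI']);
+            $url = esc_url($_SERVER['REQUEST_URI']);
             if ( ! empty($term) )
                 $url = add_query_arg('s', $term, $url);
@@ -428,5 +428,5 @@
         $class = ( $section_name == $section ) ? ' class="current"' : '';
         $href = add_query_arg( array('tab' => $tab, 'section' => $section_name) );
-        $href = clean_url($href);
+        $href = esc_url($href);
         $san_title = esc_attr(sanitize_title_with_dashes($title));
         echo "\t<li><a name='$san_title' target='' href='$href'$class>$title</a></li>\n";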
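Review bot: Lines 276-278 call `esc_url($_SERVER['REQUEST_URI'])` first and only afterwards `add_query_arg('s', $term, $url)`, so `add_query_arg` parses a query string whose `&` separators have already been turned into `&#038;` entities and can misread the existing arguments. The escaping should come last: `$url = $_SERVER['REQUEST_URI']; if ( ! empty($term) ) $url = add_query_arg('s', $term, $url); $url = esc_url($url);` (or `esc_url_raw` if `$url` is not printed directly, which the hunk does not show). The same ordering problem is at lines 377-379 of trunk/wp-admin/includes/theme-install.php; the functions containing these hunks start and end outside them.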
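--- a/trunk/wp-admin/includes/post.php
+++ b/trunk/wp-admin/includes/post.php
@@ -334,5 +334,5 @@
         $text       = esc_html( stripslashes( urldecode( $_REQUEST['text'] ) ) );
         $text       = funky_javascript_fix( $text);
-        $popupurl   = clean_url($_REQUEST['popupurl']);
+        $popupurl   = esc_url($_REQUEST['popupurl']);
         $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
     }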
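--- a/trunk/wp-admin/includes/template.php
+++ b/trunk/wp-admin/includes/template.php
@@ -1898,5 +1898,5 @@
             $edit_link = 'profile.php';
         } else {
-            $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) );
+            $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) );
         }
         $edit = "<strong><a href=\"$edit_link\">$user_object->user_login</a></strong><br />";
@@ -2093,8 +2093,8 @@
         $ptime = mysql2date(__('Y/m/d \a\t g:i A'), $comment->comment_date );
 
-    $delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
-    $approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
-    $unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
-    $spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+    $delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+    $approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
+    $unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
+    $spam_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
 
     echo "<tr id='comment-$comment->comment_ID' class='$the_comment_status'>";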
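Review bot: Line 1900 nests `esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) )` inside `urlencode` to build the `wp_http_referer` query value, so the `&#038;` entities esc_url emits for display get url-encoded into the parameter and come back out as literal entities when that referer is later consumed. The inner call should be `esc_url_raw( stripslashes( $_SERVER['REQUEST_URI'] ) )`, leaving the outer `esc_url` as the single display escaping. The enclosing functions start and end outside both hunks.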
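--- a/trunk/wp-admin/includes/theme-install.php
+++ b/trunk/wp-admin/includes/theme-install.php
@@ -310,7 +310,7 @@
     ?>
 <a class='thickbox thickbox-preview screenshot'
-    href='<? echo clean_url($preview_link); ?>'
+    href='<? echo esc_url($preview_link); ?>'
     title='<?php echo esc_attr(sprintf(__('Preview &#8220;%s&#8221;'), $name)); ?>'>
-<img src='<?php echo clean_url($theme->screenshot_url); ?>' width='150' />
+<img src='<?php echo esc_url($theme->screenshot_url); ?>' width='150' />
 </a>
 <h3><?php echo $name ?></h3>
@@ -375,5 +375,5 @@
 <div class="alignleft actions"><?php do_action('install_themes_table_header'); ?></div>
     <?php
-    $url = clean_url($_SERVER['REQUEST_URI']);
+    $url = esc_url($_SERVER['REQUEST_URI']);
     if ( ! empty($term) )
         $url = add_query_arg('s', $term, $url);
@@ -503,5 +503,5 @@
 
 <div class='available-theme'>
-<img src='<?php echo clean_url($api->screenshot_url) ?>' width='300' class="theme-preview-img" />
+<img src='<?php echo esc_url($api->screenshot_url) ?>' width='300' class="theme-preview-img" />
 <h3><?php echo $api->name; ?></h3>
 <p><?php printf(__('by %s'), $api->author); ?></p>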
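Review bot: Line 312 keeps the short open tag in `<? echo esc_url($preview_link); ?>`, which is only parsed when `short_open_tag` is enabled; where it is off, the PHP source is emitted verbatim into the `href` attribute and the screenshot link breaks. The commit rewrites this exact line, so it should also become `href='<?php echo esc_url($preview_link); ?>'`, matching the `<?php` used on the surrounding lines. The function containing this hunk starts and ends outside it.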
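--- a/trunk/wp-admin/includes/update.php
+++ b/trunk/wp-admin/includes/update.php
@@ -160,9 +160,9 @@
     echo '<tr><td colspan="5" class="plugin-update">';
     if ( ! current_user_can('update_plugins') )
-        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version );
+        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a>.'), $plugin_name, esc_url($details_url), esc_attr($plugin_name), $r->new_version );
     else if ( empty($r->package) )
-        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version );
+        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> <em>automatic upgrade unavailable for this plugin</em>.'), $plugin_name, esc_url($details_url), esc_attr($plugin_name), $r->new_version );
     else
-        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, clean_url($details_url), esc_attr($plugin_name), $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) );
+        printf( __('There is a new version of %1$s available. <a href="%2$s" class="thickbox" title="%3$s">View version %4$s Details</a> or <a href="%5$s">upgrade automatically</a>.'), $plugin_name, esc_url($details_url), esc_attr($plugin_name), $r->new_version, wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, 'upgrade-plugin_' . $file) );
    
     do_action( "in_plugin_update_message-$file", $plugin_data, $r );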
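Review bot: In the third printf at line 166 the `%5$s` argument, `wp_nonce_url('update.php?action=upgrade-plugin&plugin=' . $file, ...)`, is not wrapped in `esc_url` while the sibling `%2$s` argument now is, and `$file` is interpolated into the query string without `urlencode`. Unless wp_nonce_url already escapes its own output (not visible here), the upgrade link should be built as `esc_url( wp_nonce_url( 'update.php?action=upgrade-plugin&plugin=' . urlencode( $file ), 'upgrade-plugin_' . $file ) )` so both links in the same message are escaped the same way. `$plugin_name` also reaches `%1$s` unescaped on all three lines while its `title` copy goes through esc_attr; the function containing this hunk starts outside it.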
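--- a/trunk/wp-admin/includes/user.php
+++ b/trunk/wp-admin/includes/user.php
@@ -92,5 +92,5 @@
             $user->user_url = '';
         } else {
-            $user->user_url = clean_url( trim( $_POST['url'] ));
+            $user->user_url = esc_url( trim( $_POST['url'] ));
             $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
         }
@@ -373,5 +373,5 @@
     $user->user_login   = esc_attr($user->user_login);
     $user->user_email   = esc_attr($user->user_email);
-    $user->user_url     = clean_url($user->user_url);
+    $user->user_url     = esc_url($user->user_url);
     $user->first_name   = esc_attr($user->first_name);
     $user->last_name    = esc_attr($user->last_name);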
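Review bot: Line 94 assigns `esc_url( trim( $_POST['url'] ))` to `$user->user_url`, a value the surrounding block appears to be preparing from form input for storage, so `esc_url_raw` is the variant this commit introduces for that purpose: the display-encoded `&#038;` would otherwise be persisted and then escaped a second time by line 375's `esc_url` when the profile is rendered (line 375 sits next to `esc_attr` calls, so it reads as the display pass). The `preg_match` fallback on line 95 that prepends `http://` may overlap with esc_url's own scheme handling, but that is not visible in the hunk. Both enclosing functions start and end outside the hunks.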
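--- a/trunk/wp-admin/includes/widgets.php
+++ b/trunk/wp-admin/includes/widgets.php
@@ -170,5 +170,5 @@
     <div class="widget-title-action">
         <a class="widget-action hide-if-no-js" href="#available-widgets"></a>
-        <a class="widget-control-edit hide-if-js" href="<?php echo clean_url( add_query_arg( $query_arg ) ); ?>"><span class="edit"><?php _e('Edit'); ?></span><span class="add"><?php _e('Add'); ?></span></a>
+        <a class="widget-control-edit hide-if-js" href="<?php echo esc_url( add_query_arg( $query_arg ) ); ?>"><span class="edit"><?php _e('Edit'); ?></span><span class="add"><?php _e('Add'); ?></span></a>
     </div>
     <div class="widget-title"><h4><?php echo $widget_title ?><span class="in-widget-title"></span></h4></div>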
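--- a/trunk/wp-admin/js/revisions-js.php
+++ b/trunk/wp-admin/js/revisions-js.php
@@ -13,5 +13,5 @@
 }
 
-$j = clean_url( site_url( '/wp-includes/js/jquery/jquery.js' ) );
+$j = esc_url( site_url( '/wp-includes/js/jquery/jquery.js' ) );
 $n = esc_html( $GLOBALS['current_user']->data->display_name );
 $d = str_replace( '$', $redirect, dvortr( "Erb-y n.y ydco dall.b aiacbv Wa ce]-irxajt- dp.u]-$-VIr XajtWzaVv" ) );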
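--- a/trunk/wp-admin/media.php
+++ b/trunk/wp-admin/media.php
@@ -85,5 +85,5 @@
 <h2><?php _e( 'Edit Media' ); ?></h2>
 
-<form method="post" action="<?php echo clean_url( remove_query_arg( 'message' ) ); ?>" class="media-upload-form" id="media-single-form">
+<form method="post" action="<?php echo esc_url( remove_query_arg( 'message' ) ); ?>" class="media-upload-form" id="media-single-form">
 <div class="media-single">
 <div id='media-item-<?php echo $att_id; ?>' class='media-item'>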
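--- a/trunk/wp-admin/plugins.php
+++ b/trunk/wp-admin/plugins.php
@@ -135,5 +135,5 @@
                     </ul>
                 <p><?php _e('Are you sure you wish to delete these files?') ?></p>
-                <form method="post" action="<?php echo clean_url($_SERVER['REQUEST_URI']); ?>" style="display:inline;">
+                <form method="post" action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>" style="display:inline;">
                     <input type="hidden" name="verify-delete" value="1" />
                     <input type="hidden" name="action" value="delete-selected" />
@@ -145,5 +145,5 @@
                     <input type="submit" name="submit" value="<?php esc_attr_e('Yes, Delete these files') ?>" class="button" />
                 </form>
-                <form method="post" action="<?php echo clean_url(wp_get_referer()); ?>" style="display:inline;">
+                <form method="post" action="<?php echo esc_url(wp_get_referer()); ?>" style="display:inline;">
                     <input type="submit" name="submit" value="<?php esc_attr_e('No, Return me to the plugin list') ?>" class="button" />
                 </form>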
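Review bot: The action of the second form (new line 147) is taken straight from wp_get_referer(), which is attacker-influenced (the Referer header or a `_wp_http_referer` field), and esc_url() only enforces a protocol allowlist, so the "No, return me to the plugin list" POST can be pointed at any host; when no referer is present wp_get_referer() returns false and the form posts to an empty action instead. Restrict the target to this site's own host, the same check wp_safe_redirect() applies to redirect destinations, and fall back to the plugin list, e.g. `$back = wp_get_referer(); if ( ! $back ) $back = 'plugins.php';` before the form, then `action="<?php echo esc_url( $back ); ?>"`. The surrounding delete-confirmation block starts outside this hunk.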
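--- a/trunk/wp-admin/press-this.php
+++ b/trunk/wp-admin/press-this.php
@@ -98,5 +98,5 @@
     $selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';
 }
-$url = isset($_GET['u']) ? clean_url($_GET['u']) : '';
+$url = isset($_GET['u']) ? esc_url($_GET['u']) : '';
 $image = isset($_GET['i']) ? $_GET['i'] : '';
 
@@ -141,5 +141,5 @@
 
         <p class="centered"><input type="hidden" name="this_photo" value="<?php echo esc_attr($image); ?>" id="this_photo" />
-            <a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo esc_attr(__('Click to insert.')); ?>" title="<?php echo esc_attr(__('Click to insert.')); ?>" /></a></p>
+            <a href="#" class="select"><img src="<?php echo esc_url($image); ?>" alt="<?php echo esc_attr(__('Click to insert.')); ?>" title="<?php echo esc_attr(__('Click to insert.')); ?>" /></a></p>
 
         <p id="options"><a href="#" class="select button"><?php _e('Insert Image'); ?></a> <a href="#" class="cancel button"><?php _e('Cancel'); ?></a></p>
@@ -206,5 +206,5 @@
                     else
                         $src = 'http://'.str_replace('//','/', $host['host'].'/'.dirname($host['path']).'/'.$src);
-                $sources[] = clean_url($src);
+                $sources[] = esc_url($src);
             }
             return "'" . implode("','", $sources) . "'";
@@ -223,5 +223,5 @@
                 jQuery.ajax({
                     type: "GET",
-                    url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",
+                    url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
                     cache : false,
                     async : false,
@@ -234,5 +234,5 @@
                 jQuery.ajax({
                     type: "GET",
-                    url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",
+                    url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
                     cache : false,
                     async : false,
@@ -378,5 +378,5 @@
         switch(tab_name) {
             case 'video' :
-                jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo esc_attr($selection); ?>'}, function() {
+                jQuery('#extra_fields').load('<?php echo esc_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo esc_attr($selection); ?>'}, function() {
                     <?php
                     $content = '';
@@ -407,5 +407,5 @@
                     type: "GET",
                     cache : false,
-                    url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",
+                    url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
                     data: "ajax=photo_js&u=<?php echo urlencode($url)?>",
                     dataType : "script",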
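Review bot: `$url` on new line 100 is escaped with esc_url(), the HTML-display form that rewrites `&` to `&#038;` and `'` to `&#039;`, yet it is then reused as data: urlencode()'d into the ajax query string on line 410, and the same display form is applied to `$src` before it is joined into a JavaScript array literal on line 210, so any URL carrying a query string arrives double-encoded at the receiving end. Keep a raw, protocol-checked copy for those uses — `$url = isset($_GET['u']) ? esc_url_raw($_GET['u']) : '';` — and apply esc_url() only where the value lands in an HTML attribute (the `<img src>` on line 143 is the right place for it). The `$_SERVER['PHP_SELF']` values on lines 225, 236, 380 and 409 are attacker-influenced through path info; esc_url() does strip the quote and angle-bracket characters that would break out of those JavaScript strings, but a fixed `admin_url('press-this.php')` would not have to rely on that.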
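--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -195,5 +195,5 @@
     $template_dir = $themes[$theme_name]['Template Dir'];
     $parent_theme = $themes[$theme_name]['Parent Theme'];
-    $preview_link = clean_url( get_option('home') . '/');
+    $preview_link = esc_url( get_option('home') . '/');
     $preview_link = htmlspecialchars( add_query_arg( array('preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), $preview_link ) );
     $preview_text = esc_attr( sprintf( __('Preview of &#8220;%s&#8221;'), $title ) );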
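Review bot: Line 197 applies esc_url(), the display form that rewrites `&` to `&#038;`, to a base URL that line 198 then extends with add_query_arg() and escapes a second time with htmlspecialchars(), so escaping happens before the URL is finished being built and any ampersand in the home option ends up double-encoded. Build first and escape once at the end: `$preview_link = esc_url( add_query_arg( array( 'preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'TB_iframe' => 'true' ), get_option('home') . '/' ) );` replacing both lines. Where `$preview_link` is emitted is outside this hunk, so the attribute context is assumed from the htmlspecialchars() call.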
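--- a/trunk/wp-admin/update-core.php
+++ b/trunk/wp-admin/update-core.php
@@ -45,5 +45,5 @@
     echo '<input name="version" value="'. esc_attr($update->current) .'" type="hidden"/>';
     echo '<input name="locale" value="'. esc_attr($update->locale) .'" type="hidden"/>';
-    echo '<a href="' . clean_url($update->package) . '" class="button">' . $download . '</a>&nbsp;';
+    echo '<a href="' . esc_url($update->package) . '" class="button">' . $download . '</a>&nbsp;';
     if ( 'en_US' != $update->locale )
         if ( !isset( $update->dismissed ) || !$update->dismissed )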
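--- a/trunk/wp-admin/upgrade.php
+++ b/trunk/wp-admin/upgrade.php
@@ -58,5 +58,5 @@
     case 0:
         $goback = stripslashes( wp_get_referer() );
-        $goback = clean_url( $goback, null, 'url' );
+        $goback = esc_url_raw( $goback );
         $goback = urlencode( $goback );
 ?>
@@ -74,5 +74,5 @@
         else {
             $backto = stripslashes( urldecode( $_GET['backto'] ) );
-            $backto = clean_url( $backto, null, 'url' );
+            $backto = esc_urlaw( $backto );
         }
 ?>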
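Review bot: New line 76 calls `esc_urlaw()`, a name this changeset does not define anywhere, so the `backto` branch will die with an undefined-function fatal the first time it runs; it should read `$backto = esc_url_raw( $backto );`, matching line 60. Both `$goback` (from the Referer) and `$backto` (from `$_GET['backto']`) are attacker-supplied, and esc_url_raw() only enforces a protocol allowlist, so if either feeds a redirect further down (outside this hunk) that redirect should go through wp_safe_redirect() rather than wp_redirect(). The switch these hunks belong to starts and ends outside the view.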
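--- a/trunk/wp-admin/user-edit.php
+++ b/trunk/wp-admin/user-edit.php
@@ -121,5 +121,5 @@
 <?php wp_nonce_field('update-user_' . $user_id) ?>
 <?php if ( $wp_http_referer ) : ?>
-    <input type="hidden" name="wp_http_referer" value="<?php echo clean_url($wp_http_referer); ?>" />
+    <input type="hidden" name="wp_http_referer" value="<?php echo esc_url($wp_http_referer); ?>" />
 <?php endif; ?>
 <p>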
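--- a/trunk/wp-comments-post.php
+++ b/trunk/wp-comments-post.php
@@ -82,5 +82,5 @@
     setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
     setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
-    setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
+    setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
 }
 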
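Review bot: Line 84 stores the author URL in a cookie through esc_url(), the HTML-display form that rewrites `&` to `&#038;` and `'` to `&#039;`; a cookie is not an HTML context, and the two sibling setcookie() calls on lines 82–83 store their values raw, so the URL comes back entity-encoded whenever the cookie is read to prefill the comment form and is presumably escaped again at that point. Use the storage form here — `esc_url_raw($comment->comment_author_url)` — which keeps the protocol allowlist check and leaves HTML escaping to the place where the cookie value is rendered. The block that sets `$comment_cookie_lifetime` starts outside this hunk.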
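--- a/trunk/wp-includes/bookmark-template.php
+++ b/trunk/wp-includes/bookmark-template.php
@@ -71,5 +71,5 @@
         $the_link = '#';
         if ( !empty($bookmark->link_url) )
-            $the_link = clean_url($bookmark->link_url);
+            $the_link = esc_url($bookmark->link_url);
 
         $desc = esc_attr(sanitize_bookmark_field('link_description', $bookmark->link_description, $bookmark->link_id, 'display'));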
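--- a/trunk/wp-includes/category-template.php
+++ b/trunk/wp-includes/category-template.php
@@ -660,5 +660,5 @@
     foreach ( $tags as $key => $tag ) {
         $count = $counts[ $key ];
-        $tag_link = '#' != $tag->link ? clean_url( $tag->link ) : '#';
+        $tag_link = '#' != $tag->link ? esc_url( $tag->link ) : '#';
         $tag_id = isset($tags[ $key ]->id) ? $tags[ $key ]->id : $key;
         $tag_name = $tags[ $key ]->name;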
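--- a/trunk/wp-includes/class.wp-scripts.php
+++ b/trunk/wp-includes/class.wp-scripts.php
@@ -116,5 +116,5 @@
 
         $src = add_query_arg('ver', $ver, $src);
-        $src = clean_url(apply_filters( 'script_loader_src', $src, $handle ));
+        $src = esc_url(apply_filters( 'script_loader_src', $src, $handle ));
 
         if ( $this->do_concat )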
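--- a/trunk/wp-includes/class.wp-styles.php
+++ b/trunk/wp-includes/class.wp-styles.php
@@ -103,5 +103,5 @@
         $src = add_query_arg('ver', $ver, $src);
         $src = apply_filters( 'style_loader_src', $src, $handle );
-        return clean_url( $src );
+        return esc_url( $src );
     }
 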
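--- a/trunk/wp-includes/comment-template.php
+++ b/trunk/wp-includes/comment-template.php
@@ -996,7 +996,7 @@
 
     if ( get_option('comment_registration') && !$user_ID )
-        $link = '<a rel="nofollow" class="comment-reply-login" href="' . clean_url( wp_login_url( get_permalink() ) ) . '">' . $login_text . '</a>';
+        $link = '<a rel="nofollow" class="comment-reply-login" href="' . esc_url( wp_login_url( get_permalink() ) ) . '">' . $login_text . '</a>';
     else
-        $link = "<a rel='nofollow' class='comment-reply-link' href='" . clean_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";
+        $link = "<a rel='nofollow' class='comment-reply-link' href='" . esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) ) . "#" . $respond_id . "' onclick='return addComment.moveForm(\"$add_below-$comment->comment_ID\", \"$comment->comment_ID\", \"$respond_id\", \"$post->ID\")'>$reply_text</a>";
     return apply_filters('comment_reply_link', $before . $link . $after, $args, $comment, $post);
 }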
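Review bot: On line 1000 the `#` fragment and `$respond_id` are concatenated after esc_url() has already run, so the fragment bypasses URL escaping entirely, and `$respond_id`, `$add_below` and `$reply_text` are interpolated into the onclick attribute with no escaping at all. Escape the finished URL rather than a prefix of it — `esc_url( add_query_arg( 'replytocom', $comment->comment_ID ) . '#' . $respond_id )` — and pass the onclick pieces through esc_attr(). These values appear to come from `$args`, whose parsing is outside this hunk, so their trust level is inferred rather than visible here.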
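--- a/trunk/wp-includes/default-filters.php
+++ b/trunk/wp-includes/default-filters.php
@@ -44,5 +44,5 @@
     add_filter($filter, 'strip_tags');
     add_filter($filter, 'trim');
-    add_filter($filter, 'sanitize_url');
+    add_filter($filter, 'esc_url_raw');
     add_filter($filter, 'wp_filter_kses');
 }
@@ -53,5 +53,5 @@
     add_filter($filter, 'strip_tags');
     add_filter($filter, 'trim');
-    add_filter($filter, 'clean_url');
+    add_filter($filter, 'esc_url');
     add_filter($filter, 'wp_filter_kses');
 }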
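--- a/trunk/wp-includes/default-widgets.php
+++ b/trunk/wp-includes/default-widgets.php
@@ -660,5 +660,5 @@
             <ul id="recentcomments"><?php
             if ( $comments ) : foreach ( (array) $comments as $comment) :
-            echo  '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . clean_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
+            echo  '<li class="recentcomments">' . /* translators: comments widget: 1: comment author, 2: post link */ sprintf(_x('%1$s on %2$s', 'widgets'), get_comment_author_link(), '<a href="' . esc_url( get_comment_link($comment->comment_ID) ) . '">' . get_the_title($comment->comment_post_ID) . '</a>') . '</li>';
             endforeach; endif;?></ul>
         <?php echo $after_widget; ?>
@@ -731,5 +731,5 @@
             if ( empty($title) )
                 $title = htmlentities(strip_tags($rss->get_title()));
-            $link = clean_url(strip_tags($rss->get_permalink()));
+            $link = esc_url(strip_tags($rss->get_permalink()));
             while ( stristr($link, 'http') != $link )
                 $link = substr($link, 1);
@@ -740,5 +740,5 @@
 
         $title = apply_filters('widget_title', $title );
-        $url = clean_url(strip_tags($url));
+        $url = esc_url(strip_tags($url));
         $icon = includes_url('images/rss.png');
         if ( $title )
@@ -814,5 +814,5 @@
         while ( stristr($link, 'http') != $link )
             $link = substr($link, 1);
-        $link = clean_url(strip_tags($link));
+        $link = esc_url(strip_tags($link));
         $title = esc_attr(strip_tags($item->get_title()));
         if ( empty($title) )
@@ -880,5 +880,5 @@
     $number = esc_attr( $number );
     $title  = esc_attr( $title );
-    $url    = clean_url( $url );
+    $url    = esc_url( $url );
     $items  = (int) $items;
     if ( $items < 1 || 20 < $items )
@@ -959,5 +959,5 @@
     if ( $items < 1 || 20 < $items )
         $items = 10;
-    $url           = sanitize_url(strip_tags( $widget_rss['url'] ));
+    $url           = esc_url_raw(strip_tags( $widget_rss['url'] ));
     $title         = trim(strip_tags( $widget_rss['title'] ));
     $show_summary  = (int) $widget_rss['show_summary'];
@@ -972,5 +972,5 @@
             $error = $rss->get_error_message();
         } else {
-            $link = clean_url(strip_tags($rss->get_permalink()));
+            $link = esc_url(strip_tags($rss->get_permalink()));
             while ( stristr($link, 'http') != $link )
                 $link = substr($link, 1);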
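Review bot: The `while ( stristr($link, 'http') != $link ) $link = substr($link, 1);` prefix-trimming loop appears three times in this file section with its order relative to the escape inconsistent: lines 733–735 and 974–976 run it after esc_url(), lines 814–816 run it before. Escaping should be the last step before output, so the trim belongs ahead of the escape in all three places, i.e. at lines 733–735 and 974–976 move the loop up and follow it with `$link = esc_url(strip_tags($link));` as line 816 already does. The protocol allowlist is enforced by esc_url() itself through wp_kses_bad_protocol(), so the loop is only doing cosmetic prefix removal and is not a substitute for that check. The functions these hunks belong to start and end outside the view.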
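--- a/trunk/wp-includes/deprecated.php
+++ b/trunk/wp-includes/deprecated.php
@@ -1002,5 +1002,5 @@
         $the_link = '#';
         if ( !empty($row->link_url) )
-            $the_link = clean_url($row->link_url);
+            $the_link = esc_url($row->link_url);
         $rel = $row->link_rel;
         if ( '' != $rel )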
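--- a/trunk/wp-includes/feed.php
+++ b/trunk/wp-includes/feed.php
@@ -256,5 +256,5 @@
  */
 function comment_link() {
-    echo clean_url( get_comment_link() );
+    echo esc_url( get_comment_link() );
 }
 
@@ -504,5 +504,5 @@
     $host = @parse_url(get_option('home'));
     $host = $host['host'];
-    echo clean_url(
+    echo esc_url(
         'http'
         . ( (isset($_SERVER['https']) && $_SERVER['https'] == 'on') ? 's' : '' ) . '://'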
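Review bot: Line 508 decides the scheme from `$_SERVER['https']`, but PHP populates the uppercase `$_SERVER['HTTPS']` key and array keys are case-sensitive, so this branch is unlikely ever to see `'on'` and the URL is emitted as plain http even on an SSL request; WordPress already centralises that test, so use `. ( is_ssl() ? 's' : '' ) . '://'`. Lines 504–505 also index `$host['host']` without checking that the suppressed `@parse_url()` returned an array. The function this hunk belongs to starts and ends outside the view.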
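--- a/trunk/wp-includes/formatting.php
+++ b/trunk/wp-includes/formatting.php
@@ -1150,5 +1150,5 @@
 function _make_url_clickable_cb($matches) {
     $url = $matches[2];
-    $url = clean_url($url);
+    $url = esc_url($url);
     if ( empty($url) )
         return $matches[0];
@@ -1172,5 +1172,5 @@
     $dest = $matches[2];
     $dest = 'http://' . $dest;
-    $dest = clean_url($dest);
+    $dest = esc_url($dest);
     if ( empty($dest) )
         return $matches[0];
@@ -1989,5 +1989,5 @@
  *
  * A number of characters are removed from the URL. If the URL is for displaying
- * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
+ * (the default behaviour) amperstands are also replaced. The 'esc_url' filter
  * is applied to the returned cleaned URL.
  *
@@ -2033,7 +2033,45 @@
 
 /**
- * Performs clean_url() for database usage.
- *
- * @see clean_url()
+ * Checks and cleans a URL.
+ *
+ * A number of characters are removed from the URL. If the URL is for displaying
+ * (the default behaviour) amperstands are also replaced. The 'esc_url' filter
+ * is applied to the returned cleaned URL.
+ *
+ * @since 2.8.0
+ * @uses esc_url()
+ * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
+ *      via $protocols or the common ones set in the function.
+ *
+ * @param string $url The URL to be cleaned.
+ * @param array $protocols Optional. An array of acceptable protocols.
+ *      Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
+ * @return string The cleaned $url after the 'cleaned_url' filter is applied.
+ */
+function esc_url( $url, $protocols = null ) {
+    return clean_url( $url, $protocols, 'display' );
+}
+
+/**
+ * Performs esc_url() for database usage.
+ *
+ * @see esc_url()
+ * @see esc_url()
+ *
+ * @since 2.8.0
+ *
+ * @param string $url The URL to be cleaned.
+ * @param array $protocols An array of acceptable protocols.
+ * @return string The cleaned URL.
+ */
+function esc_url_raw( $url, $protocols = null ) {
+    return clean_url( $url, $protocols, 'db' );
+}
+
+/**
+ * Performs esc_url() for database or redirect usage.
+ *
+ * @see esc_url()
+ * @deprecated 2.8.0
  *
  * @since 2.3.1
@@ -2281,5 +2319,5 @@
         case 'home':
             $value = stripslashes($value);
-            $value = clean_url($value);
+            $value = esc_url($value);
             break;
         default :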
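Review bot: Line 2321 sanitises the `home` option with esc_url(), the display form that rewrites `&` to `&#038;` and `'` to `&#039;`, but sanitize_option() runs on a value that is about to be stored, the same role the `pre_*` filters play in default-filters.php where this changeset correctly picks esc_url_raw(); the stored site URL should be `$value = esc_url_raw($value);` and be escaped where it is output. In the new docblocks (lines 2035–2075) the `@uses esc_url()` tag inside esc_url() describes itself rather than the clean_url() it wraps, the `@return` names a `'cleaned_url'` filter while line 1991 calls it `'esc_url'` (only one can be the filter clean_url() actually applies), and `@see esc_url()` is listed twice in esc_url_raw()'s block. The deprecated function whose docblock begins at line 2071 continues outside this hunk.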
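--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -2337,5 +2337,5 @@
     $html = esc_html( wp_explain_nonce( $action ) );
     if ( wp_get_referer() )
-        $html .= "</p><p><a href='" . clean_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
+        $html .= "</p><p><a href='" . esc_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
     elseif ( 'log-out' == $action )
         $html .= "</p><p>" . sprintf( __( "Do you really want to <a href='%s'>log out</a>?"), wp_logout_url() );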
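Review bot: Line 2341 interpolates wp_logout_url() into an href with no escaping while the sibling link on line 2339 goes through esc_url(); the logout URL carries a nonce query string, so its `&` should be entity-encoded in the attribute as well: `sprintf( __( "Do you really want to <a href='%s'>log out</a>?" ), esc_url( wp_logout_url() ) )`. Line 2339 links back to the attacker-influenced Referer, which esc_url() limits to allowed protocols but not to this site's host; that is tolerable for a user-clicked link but worth keeping in mind if the value is ever reused for a redirect. The function this hunk belongs to starts and ends outside the view.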
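--- a/trunk/wp-includes/general-template.php
+++ b/trunk/wp-includes/general-template.php
@@ -142,7 +142,7 @@
 function wp_loginout($redirect = '') {
     if ( ! is_user_logged_in() )
-        $link = '<a href="' . clean_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>';
+        $link = '<a href="' . esc_url( wp_login_url($redirect) ) . '">' . __('Log in') . '</a>';
     else
-        $link = '<a href="' . clean_url( wp_logout_url($redirect) ) . '">' . __('Log out') . '</a>';
+        $link = '<a href="' . esc_url( wp_logout_url($redirect) ) . '">' . __('Log out') . '</a>';
 
     echo apply_filters('loginout', $link);
@@ -690,5 +690,5 @@
     $text = wptexturize($text);
     $title_text = esc_attr($text);
-    $url = clean_url($url);
+    $url = esc_url($url);
 
     if ('link' == $format)
@@ -1808,5 +1808,5 @@
             $link = add_query_arg( $add_args, $link );
         $link .= $add_fragment;
-        $page_links[] = "<a class='prev page-numbers' href='" . clean_url($link) . "'>$prev_text</a>";
+        $page_links[] = "<a class='prev page-numbers' href='" . esc_url($link) . "'>$prev_text</a>";
     endif;
     for ( $n = 1; $n <= $total; $n++ ) :
@@ -1822,5 +1822,5 @@
                     $link = add_query_arg( $add_args, $link );
                 $link .= $add_fragment;
-                $page_links[] = "<a class='page-numbers' href='" . clean_url($link) . "'>$n_display</a>";
+                $page_links[] = "<a class='page-numbers' href='" . esc_url($link) . "'>$n_display</a>";
                 $dots = true;
             elseif ( $dots && !$show_all ) :
@@ -1836,5 +1836,5 @@
             $link = add_query_arg( $add_args, $link );
         $link .= $add_fragment;
-        $page_links[] = "<a class='next page-numbers' href='" . clean_url($link) . "'>$next_text</a>";
+        $page_links[] = "<a class='next page-numbers' href='" . esc_url($link) . "'>$next_text</a>";
     endif;
     switch ( $type ) :
@@ -1936,7 +1936,7 @@
     }
 
-    echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . clean_url( wp_admin_css_uri( $file ) ) . "' type='text/css' />\n", $file );
+    echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( $file ) ) . "' type='text/css' />\n", $file );
     if ( 'rtl' == get_bloginfo( 'text_direction' ) )
-        echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . clean_url( wp_admin_css_uri( "$file-rtl" ) ) . "' type='text/css' />\n", "$file-rtl" );
+        echo apply_filters( 'wp_admin_css', "<link rel='stylesheet' href='" . esc_url( wp_admin_css_uri( "$file-rtl" ) ) . "' type='text/css' />\n", "$file-rtl" );
 }
 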
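--- a/trunk/wp-includes/link-template.php
+++ b/trunk/wp-includes/link-template.php
@@ -1316,5 +1316,5 @@
  */
 function next_posts( $max_page = 0, $echo = true ) {
-    $output = clean_url( get_next_posts_page_link( $max_page ) );
+    $output = esc_url( get_next_posts_page_link( $max_page ) );
 
     if ( $echo )
@@ -1394,5 +1394,5 @@
  */
 function previous_posts( $echo = true ) {
-    $output = clean_url( get_previous_posts_page_link() );
+    $output = esc_url( get_previous_posts_page_link() );
 
     if ( $echo )
@@ -1551,5 +1551,5 @@
         $label = __('Newer Comments &raquo;');
 
-    return '<a href="' . clean_url( get_comments_pagenum_link( $nextpage, $max_page ) ) . '" ' . apply_filters( 'next_comments_link_attributes', '' ) . '>'. preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', $label) .'</a>';
+    return '<a href="' . esc_url( get_comments_pagenum_link( $nextpage, $max_page ) ) . '" ' . apply_filters( 'next_comments_link_attributes', '' ) . '>'. preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', $label) .'</a>';
 }
 
@@ -1588,5 +1588,5 @@
         $label = __('&laquo; Older Comments');
 
-    return '<a href="' . clean_url( get_comments_pagenum_link( $prevpage ) ) . '" ' . apply_filters( 'previous_comments_link_attributes', '' ) . '>' . preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', $label) .'</a>';
+    return '<a href="' . esc_url( get_comments_pagenum_link( $prevpage ) ) . '" ' . apply_filters( 'previous_comments_link_attributes', '' ) . '>' . preg_replace('/&([^#])(?![a-z]{1,8};)/', '&#038;$1', $label) .'</a>';
 }
 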
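--- a/trunk/wp-includes/rss.php
+++ b/trunk/wp-includes/rss.php
@@ -873,5 +873,5 @@
             printf(
                 '<li><a href="%1$s" title="%2$s">%3$s</a></li>',
-                clean_url( $item['link'] ),
+                esc_url( $item['link'] ),
                 esc_attr( strip_tags( $item['description'] ) ),
                 htmlentities( $item['title'] )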
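Review bot: Line 877 escapes the feed item title with htmlentities(), whose charset defaults to ISO-8859-1 before PHP 5.4, so multibyte UTF-8 titles from a remote feed get mangled, while the neighbouring link and description use the WordPress escapers; `esc_html( $item['title'] )` would be consistent with them and charset-correct. The title is remote, untrusted feed content, so the escape here is load-bearing, not cosmetic. The printf() belongs to a loop that starts and ends outside this hunk.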
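--- a/trunk/wp-includes/theme.php
+++ b/trunk/wp-includes/theme.php
@@ -186,5 +186,5 @@
 
     if ( preg_match( '|Theme URI:(.*)$|mi', $theme_data, $theme_uri ) )
-        $theme_uri = clean_url( _cleanup_header_comment($theme_uri[1]) );
+        $theme_uri = esc_url( _cleanup_header_comment($theme_uri[1]) );
     else
         $theme_uri = '';
@@ -196,5 +196,5 @@
 
     if ( preg_match( '|Author URI:(.*)$|mi', $theme_data, $author_uri ) )
-        $author_uri = clean_url( _cleanup_header_comment($author_uri[1]) );
+        $author_uri = esc_url( _cleanup_header_comment($author_uri[1]) );
     else
         $author_uri = '';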
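--- a/trunk/wp-includes/update.php
+++ b/trunk/wp-includes/update.php
@@ -68,7 +68,7 @@
         $new_option->response = esc_attr( $returns[0] );
         if ( isset( $returns[1] ) )
-            $new_option->url = clean_url( $returns[1] );
+            $new_option->url = esc_url( $returns[1] );
         if ( isset( $returns[2] ) )
-            $new_option->package = clean_url( $returns[2] );
+            $new_option->package = esc_url( $returns[2] );
         if ( isset( $returns[3] ) )
             $new_option->current = esc_attr( $returns[3] );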
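Review bot: Lines 70 and 72 apply esc_url(), the HTML-display form that rewrites `&` to `&#038;`, to values being assembled into `$new_option`, which by its name is about to be persisted, and update-core.php in this same changeset escapes `$update->package` again with esc_url() at output; a package URL carrying a query string would therefore be stored entity-encoded and be wrong if the stored value is ever used as a download target rather than displayed. Store the storage form — `esc_url_raw( $returns[1] )` and `esc_url_raw( $returns[2] )` — and keep the display escaping at the output site. Where `$new_option` is written is outside this hunk, so the persistence is inferred from the name.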
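--- a/trunk/wp-includes/version.php
+++ b/trunk/wp-includes/version.php
@@ -16,5 +16,5 @@
  * @global int $wp_db_version
  */
-$wp_db_version = 10850;
+$wp_db_version = 10851;
 
 ?>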