Timestamp:
05/18/2009 04:00:33 PM (12 years ago)
Author:
markjaquith
Message:

Deprecate sanitize_url() and clean_url() in favor of esc_url_raw() and esc_url()

File:
1 edited

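--- a/trunk/wp-admin/includes/dashboard.php
+++ b/trunk/wp-admin/includes/dashboard.php
@@ -116,10 +116,10 @@
         if ( isset( $_GET['edit'] ) && $widget_id == $_GET['edit'] ) {
             list($url) = explode( '#', add_query_arg( 'edit', false ), 2 );
-            $widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>';
+            $widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>';
             add_meta_box( $widget_id, $widget_name, '_wp_dashboard_control_callback', 'dashboard', 'normal', 'core' );
             return;
         }
         list($url) = explode( '#', add_query_arg( 'edit', $widget_id ), 2 );
-        $widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>';
+        $widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>';
     }
     $side_widgets = array('dashboard_quick_press', 'dashboard_recent_drafts', 'dashboard_primary', 'dashboard_secondary');
@@ -358,12 +358,12 @@
     if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) {
         $view = get_permalink( $_POST['post_ID'] );
-        $edit = clean_url( get_edit_post_link( $_POST['post_ID'] ) );
+        $edit = esc_url( get_edit_post_link( $_POST['post_ID'] ) );
         if ( 'post-quickpress-publish' == $_POST['action'] ) {
             if ( current_user_can('publish_posts') )
-                printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( $view ), $edit );
+                printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( $view ), $edit );
             else
-                printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );
+                printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit );
         } else {
-            printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );
+            printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit );
             $drafts_query = new WP_Query( array(
                 'post_type' => 'post',
@@ -385,5 +385,5 @@
 ?>
 
-    <form name="post" action="<?php echo clean_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
+    <form name="post" action="<?php echo esc_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
         <h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4>
         <div class="input-text-wrap">
@@ -526,10 +526,10 @@
     $comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
     $comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
-    $comment_link = '<a class="comment-link" href="' . clean_url(get_comment_link()) . '">#</a>';
-
-    $delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
-    $approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
-    $unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
-    $spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+    $comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';
+
+    $delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+    $approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
+    $unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
+    $spam_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
 
     $actions = array();
@@ -642,8 +642,8 @@
         $content = '';
         $date = '';
-        $link = clean_url( strip_tags( $item->get_link() ) );
+        $link = esc_url( strip_tags( $item->get_link() ) );
 
         $author = $item->get_author();
-        $site_link = clean_url( strip_tags( $author->get_link() ) );
+        $site_link = esc_url( strip_tags( $author->get_link() ) );
 
         if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) )
@@ -781,5 +781,5 @@
             list($link, $frag) = explode( '#', $item->get_link() );
 
-            $link = clean_url($link);
+            $link = esc_url($link);
             if ( preg_match( '|/([^/]+?)/?$|', $link, $matches ) )
                 $slug = $matches[1];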
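Review bot: In the hunk covering new lines 526–535, line 527 still interpolates `$comment_post_url` into a single-quoted `href` with no escaping visible, while every URL on lines 528–533 passes through `esc_url()`. The variable is assigned above the hunk, so it may already be escaped there; if it is not, a quote or ampersand in the URL reaches the attribute unencoded. I would escape at the point of output: `$comment_post_link = "<a href='" . esc_url( $comment_post_url ) . "'>$comment_post_title</a>";`. Note also that `strip_tags()` on line 526 removes markup but does not encode quotes or ampersands, so it is worth confirming the title is escaped for HTML text as well. The enclosing function starts and ends outside the hunk.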