Changeset 13297

Timestamp:

02/22/2010 06:15:10 PM (15 years ago)

Author:

nacin

Message:

Use esc_url() instead of clean_url(). See #12309

Location:

trunk

Files:

• wp-admin/includes/ms.php (modified) (2 diffs)
• wp-admin/includes/upgrade.php (modified) (1 diff)
• wp-admin/ms-edit.php (modified) (1 diff)
• wp-admin/ms-users.php (modified) (1 diff)
• wp-includes/class-oembed.php (modified) (2 diffs)
• wp-includes/deprecated.php (modified) (1 diff)

trunk/wp-admin/includes/ms.php

@@ -262 +262 @@
 ###SITEURL###"), $new_admin_email );
 
-    $content = str_replace('###ADMIN_URL###', clean_url(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash), $content);
+    $content = str_replace('###ADMIN_URL###', esc_url(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash), $content);
     $content = str_replace('###EMAIL###', $value, $content);
     $content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content);
@@ -313 +313 @@
 ###SITEURL###"), $new_user_email );
 
-        $content = str_replace('###ADMIN_URL###', clean_url(get_option( "siteurl" ).'/wp-admin/profile.php?newuseremail='.$hash), $content);
+        $content = str_replace('###ADMIN_URL###', esc_url(get_option( "siteurl" ).'/wp-admin/profile.php?newuseremail='.$hash), $content);
         $content = str_replace('###EMAIL###', $_POST[ 'email' ], $content);
         $content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content);

trunk/wp-admin/includes/upgrade.php

@@ -196 +196 @@
             $first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) );
 
-        $first_post = str_replace( "SITE_URL", clean_url("http://" . $current_site->domain . $current_site->path), $first_post );
+        $first_post = str_replace( "SITE_URL", esc_url("http://" . $current_site->domain . $current_site->path), $first_post );
         $first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post );
     } else {

trunk/wp-admin/ms-edit.php

@@ -398 +398 @@
     case "confirm":
         $referrer = ( isset($_GET['ref']) ) ? stripslashes($_GET['ref']) : $_SERVER['HTTP_REFERER'];
-        $referrer = clean_url($referrer);
+        $referrer = esc_url($referrer);
         if ( !headers_sent() ) {
             nocache_headers();

trunk/wp-admin/ms-users.php

@@ -181 +181 @@
                             case 'login':
                                 $avatar = get_avatar( $user['user_email'], 32 );
-                                $edit   = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=".$user['ID'] ) );
+                                $edit   = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=".$user['ID'] ) );
                                 // @todo Make delete link work like delete button with transfering users (in ms-edit.php)
-                                //$delete   = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user['ID'] ) );
+                                //$delete   = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user['ID'] ) );
                                 ?>
                                 <td class="username column-username">

trunk/wp-includes/class-oembed.php

@@ -216 +216 @@
 
                 $title = ( !empty($data->title) ) ? $data->title : '';
-                $return = '<img src="' . esc_attr( clean_url( $data->url ) ) . '" alt="' . esc_attr($title) . '" width="' . esc_attr($data->width) . '" height="' . esc_attr($data->height) . '" />';
+                $return = '<img src="' . esc_url( $data->url ) . '" alt="' . esc_attr($title) . '" width="' . esc_attr($data->width) . '" height="' . esc_attr($data->height) . '" />';
                 break;
 
@@ -225 +225 @@
 
             case 'link':
-                $return = ( !empty($data->title) ) ? '<a href="' . clean_url($url) . '">' . esc_html($data->title) . '</a>' : false;
+                $return = ( !empty($data->title) ) ? '<a href="' . esc_url($url) . '">' . esc_html($data->title) . '</a>' : false;
                 break;
 

trunk/wp-includes/deprecated.php

@@ -2071 +2071 @@
 function sanitize_url( $url, $protocols = null ) {
     _deprecated_function( __FUNCTION__, '2.8', 'esc_url_raw()' );
-    return clean_url( $url, $protocols, 'db' );
+    return esc_url_raw( $url, $protocols );
 }