
Changeset 13297


Timestamp:
02/22/2010 06:15:10 PM (15 years ago)
Author:
nacin
Message:

Use esc_url() instead of clean_url(). See #12309

Location:
trunk
Files:
6 edited

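--- a/trunk/wp-admin/includes/ms.php
+++ b/trunk/wp-admin/includes/ms.php
@@ -262,5 +262,5 @@
 ###SITEURL###"), $new_admin_email );
 
-    $content = str_replace('###ADMIN_URL###', clean_url(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash), $content);
+    $content = str_replace('###ADMIN_URL###', esc_url(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash), $content);
     $content = str_replace('###EMAIL###', $value, $content);
     $content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content);
@@ -313,5 +313,5 @@
 ###SITEURL###"), $new_user_email );
 
-        $content = str_replace('###ADMIN_URL###', clean_url(get_option( "siteurl" ).'/wp-admin/profile.php?newuseremail='.$hash), $content);
+        $content = str_replace('###ADMIN_URL###', esc_url(get_option( "siteurl" ).'/wp-admin/profile.php?newuseremail='.$hash), $content);
         $content = str_replace('###EMAIL###', $_POST[ 'email' ], $content);
         $content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content);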
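Review bot: The `###ADMIN_URL###` replacements on new lines 264 and 315 put the link into an e-mail body, but `esc_url()` escapes for HTML display, turning ampersands and single quotes into entities. If these messages are sent as plain text (the send call is outside both hunks), `esc_url_raw()` is the matching function, e.g. `esc_url_raw( get_option( 'siteurl' ) . '/wp-admin/options.php?adminhash=' . $hash )`. With a single query argument the output is the same today, but a second argument added later would reach the recipient as `&#038;`. Line 316 also substitutes `$_POST[ 'email' ]` straight into the body; whether it was validated earlier in the function is not visible here and is worth confirming.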
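--- a/trunk/wp-admin/includes/upgrade.php
+++ b/trunk/wp-admin/includes/upgrade.php
@@ -196,5 +196,5 @@
             $first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) );
 
-        $first_post = str_replace( "SITE_URL", clean_url("http://" . $current_site->domain . $current_site->path), $first_post );
+        $first_post = str_replace( "SITE_URL", esc_url("http://" . $current_site->domain . $current_site->path), $first_post );
         $first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post );
     } else {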
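--- a/trunk/wp-admin/ms-edit.php
+++ b/trunk/wp-admin/ms-edit.php
@@ -398,5 +398,5 @@
     case "confirm":
         $referrer = ( isset($_GET['ref']) ) ? stripslashes($_GET['ref']) : $_SERVER['HTTP_REFERER'];
-        $referrer = clean_url($referrer);
+        $referrer = esc_url($referrer);
         if ( !headers_sent() ) {
             nocache_headers();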
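Review bot: `esc_url()` on new line 400 only strips unsafe characters and rejects disallowed schemes; it does not restrict the host, so a value taken from `$_GET['ref']` can still point at another site. If `$referrer` is later used as a redirect target (the rest of the `confirm` case is outside the hunk), it should be checked with `wp_validate_redirect( $referrer, admin_url() )` or sent through `wp_safe_redirect()`. Line 399 also reads `$_SERVER['HTTP_REFERER']` without an `isset()` check, which raises a notice when the header is absent; `wp_get_referer()` handles that case.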
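--- a/trunk/wp-admin/ms-users.php
+++ b/trunk/wp-admin/ms-users.php
@@ -181,7 +181,7 @@
                             case 'login':
                                 $avatar = get_avatar( $user['user_email'], 32 );
-                                $edit   = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=".$user['ID'] ) );
+                                $edit   = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=".$user['ID'] ) );
                                 // @todo Make delete link work like delete button with transfering users (in ms-edit.php)
-                                //$delete   = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user['ID'] ) );
+                                //$delete   = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user['ID'] ) );
                                 ?>
                                 <td class="username column-username">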
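Review bot: The inner `esc_url()` on new line 183 HTML-encodes the request URI (each `&` becomes `&#038;`) before `urlencode()` packs it into the `wp_http_referer` argument. The value decoded on the next request therefore carries HTML entities instead of the original query string. That inner call feeds a URL component rather than markup, so `esc_url_raw()` fits there and the outer `esc_url()` alone handles output escaping: `urlencode( esc_url_raw( stripslashes( $_SERVER['REQUEST_URI'] ) ) )`. The commented-out `$delete` line at 185 has the same nesting and would be better removed than kept in sync.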
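--- a/trunk/wp-includes/class-oembed.php
+++ b/trunk/wp-includes/class-oembed.php
@@ -216,5 +216,5 @@
 
                 $title = ( !empty($data->title) ) ? $data->title : '';
-                $return = '<img src="' . esc_attr( clean_url( $data->url ) ) . '" alt="' . esc_attr($title) . '" width="' . esc_attr($data->width) . '" height="' . esc_attr($data->height) . '" />';
+                $return = '<img src="' . esc_url( $data->url ) . '" alt="' . esc_attr($title) . '" width="' . esc_attr($data->width) . '" height="' . esc_attr($data->height) . '" />';
                 break;
 
@@ -225,5 +225,5 @@
 
             case 'link':
-                $return = ( !empty($data->title) ) ? '<a href="' . clean_url($url) . '">' . esc_html($data->title) . '</a>' : false;
+                $return = ( !empty($data->title) ) ? '<a href="' . esc_url($url) . '">' . esc_html($data->title) . '</a>' : false;
                 break;
 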
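Review bot: `esc_url()` returns an empty string when the URL uses a scheme outside the allowed list, and new lines 218 and 227 concatenate the result without checking it. A response with a rejected `url` would then produce `<img src="">` or `<a href="">`. Unless an earlier check outside these hunks already covers this, escape first and set `$return` to `false` when the result is empty, e.g. `$src = esc_url( $data->url );` followed by `if ( '' === $src ) { $return = false; break; }`. The `width` and `height` values appear to come from the same remote response and are numeric attributes, so `absint()` would be a tighter filter than `esc_attr()`.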
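--- a/trunk/wp-includes/deprecated.php
+++ b/trunk/wp-includes/deprecated.php
@@ -2071,5 +2071,5 @@
 function sanitize_url( $url, $protocols = null ) {
     _deprecated_function( __FUNCTION__, '2.8', 'esc_url_raw()' );
-    return clean_url( $url, $protocols, 'db' );
+    return esc_url_raw( $url, $protocols );
 }
 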