Changeset 13297


Timestamp:
02/22/10 18:15:10 (4 years ago)
Author:
nacin
Message:

Use esc_url() instead of clean_url(). See #12309

Location:
trunk
Files:
6 edited

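--- a/trunk/wp-admin/includes/ms.php
+++ b/trunk/wp-admin/includes/ms.php
@@ -262,5 +262,5 @@
 ###SITEURL###"), $new_admin_email );
 
-    $content = str_replace('###ADMIN_URL###', clean_url(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash), $content);
+    $content = str_replace('###ADMIN_URL###', esc_url(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash), $content);
     $content = str_replace('###EMAIL###', $value, $content);
     $content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content);
@@ -313,5 +313,5 @@
 ###SITEURL###"), $new_user_email );
 
-        $content = str_replace('###ADMIN_URL###', clean_url(get_option( "siteurl" ).'/wp-admin/profile.php?newuseremail='.$hash), $content);
+        $content = str_replace('###ADMIN_URL###', esc_url(get_option( "siteurl" ).'/wp-admin/profile.php?newuseremail='.$hash), $content);
         $content = str_replace('###EMAIL###', $_POST[ 'email' ], $content);
         $content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content);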
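Review bot: `esc_url()` is the display-context escaper, so on both changed lines (264 and 315) it would entity-encode any `&` in the link to `&#038;` before the URL is substituted into what appears to be an e-mail template. Each URL built here carries a single query argument, so this only matters today if `siteurl` itself contains an ampersand, but if the message is sent as plain text the non-display variant is the better fit, e.g. `esc_url_raw( get_option( 'siteurl' ) . '/wp-admin/options.php?adminhash=' . $hash )`. Both enclosing functions start and end outside the hunks, so how `$content` is mailed is not visible here and should be confirmed.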
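--- a/trunk/wp-admin/includes/upgrade.php
+++ b/trunk/wp-admin/includes/upgrade.php
@@ -196,5 +196,5 @@
             $first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) );
 
-        $first_post = str_replace( "SITE_URL", clean_url("http://" . $current_site->domain . $current_site->path), $first_post );
+        $first_post = str_replace( "SITE_URL", esc_url("http://" . $current_site->domain . $current_site->path), $first_post );
         $first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post );
     } else {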
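Review bot: The `SITE_NAME` substitution on line 199 places `$current_site->site_name` inside the same HTML anchor without any escaping, while the `SITE_URL` value one line above goes through `esc_url()`. The site name is presumably set by a network administrator, but escaping it keeps the two substitutions consistent and the markup well-formed: `str_replace( "SITE_NAME", esc_html( $current_site->site_name ), $first_post )`. The enclosing branch starts and ends outside the hunk.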
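--- a/trunk/wp-admin/ms-edit.php
+++ b/trunk/wp-admin/ms-edit.php
@@ -398,5 +398,5 @@
     case "confirm":
         $referrer = ( isset($_GET['ref']) ) ? stripslashes($_GET['ref']) : $_SERVER['HTTP_REFERER'];
-        $referrer = clean_url($referrer);
+        $referrer = esc_url($referrer);
         if ( !headers_sent() ) {
             nocache_headers();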
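Review bot: `esc_url()` on line 400 makes `$referrer` safe to print in markup but does not constrain where it points; the value comes from `$_GET['ref']` or the `Referer` header and can name any host with an allowed scheme. If the code after this hunk redirects to `$referrer` or hands it back as a return target (the `confirm` case continues past line 402, so this is not visible here), it should first be checked with `wp_validate_redirect( $referrer, admin_url() )`. Separately, `$_SERVER['HTTP_REFERER']` is read on line 399 without an `isset()` guard, so a request that omits the header raises an undefined-index notice.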
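--- a/trunk/wp-admin/ms-users.php
+++ b/trunk/wp-admin/ms-users.php
@@ -181,7 +181,7 @@
                             case 'login':
                                 $avatar = get_avatar( $user['user_email'], 32 );
-                                $edit   = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=".$user['ID'] ) );
+                                $edit   = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=".$user['ID'] ) );
                                 // @todo Make delete link work like delete button with transfering users (in ms-edit.php)
-                                //$delete   = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user['ID'] ) );
+                                //$delete   = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user['ID'] ) );
                                 ?>
                                 <td class="username column-username">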
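Review bot: The inner `esc_url()` on line 183 HTML-encodes the request URI before `urlencode()` sees it, so any `&` in the current query string ends up inside `wp_http_referer` as the entity `&#038;` instead of a separator once the argument is decoded. That inner value is a query-argument payload, not markup, so it should use the non-display variant and leave output escaping to the outer call: `urlencode( esc_url_raw( stripslashes( $_SERVER['REQUEST_URI'] ) ) )`. The commented-out `$delete` line 185 repeats the same nesting and would need the same change if it is revived. The `login` case starts and ends outside the hunk.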
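--- a/trunk/wp-includes/class-oembed.php
+++ b/trunk/wp-includes/class-oembed.php
@@ -216,5 +216,5 @@
 
                 $title = ( !empty($data->title) ) ? $data->title : '';
-                $return = '<img src="' . esc_attr( clean_url( $data->url ) ) . '" alt="' . esc_attr($title) . '" width="' . esc_attr($data->width) . '" height="' . esc_attr($data->height) . '" />';
+                $return = '<img src="' . esc_url( $data->url ) . '" alt="' . esc_attr($title) . '" width="' . esc_attr($data->width) . '" height="' . esc_attr($data->height) . '" />';
                 break;
 
@@ -225,5 +225,5 @@
 
             case 'link':
-                $return = ( !empty($data->title) ) ? '<a href="' . clean_url($url) . '">' . esc_html($data->title) . '</a>' : false;
+                $return = ( !empty($data->title) ) ? '<a href="' . esc_url($url) . '">' . esc_html($data->title) . '</a>' : false;
                 break;
 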
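Review bot: Line 218 drops the `esc_attr()` wrapper that the old line had around the image URL, which goes beyond the rename the commit message describes and deserves a comment. In its default display context `esc_url()` strips characters such as double quotes and angle brackets and entity-encodes ampersands, so the `src` attribute should stay well-formed, but the next reader has no way to know the omission is deliberate; something like `// esc_url() output is already attribute-safe, so no esc_attr() here` would record it. Since `$data` appears to be a remote provider's response, `width` and `height` could also be cast with `(int)` rather than only attribute-escaped. The `photo` case starts above the hunk.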
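--- a/trunk/wp-includes/deprecated.php
+++ b/trunk/wp-includes/deprecated.php
@@ -2071,5 +2071,5 @@
 function sanitize_url( $url, $protocols = null ) {
     _deprecated_function( __FUNCTION__, '2.8', 'esc_url_raw()' );
-    return clean_url( $url, $protocols, 'db' );
+    return esc_url_raw( $url, $protocols );
 }
 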