Changeset 13297
- Timestamp:
- 02/22/2010 06:15:10 PM (15 years ago)
- Location:
- trunk
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-admin/includes/ms.php
r13242 r13297 262 262 ###SITEURL###"), $new_admin_email ); 263 263 264 $content = str_replace('###ADMIN_URL###', clean_url(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash), $content);264 $content = str_replace('###ADMIN_URL###', esc_url(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash), $content); 265 265 $content = str_replace('###EMAIL###', $value, $content); 266 266 $content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content); … … 313 313 ###SITEURL###"), $new_user_email ); 314 314 315 $content = str_replace('###ADMIN_URL###', clean_url(get_option( "siteurl" ).'/wp-admin/profile.php?newuseremail='.$hash), $content);315 $content = str_replace('###ADMIN_URL###', esc_url(get_option( "siteurl" ).'/wp-admin/profile.php?newuseremail='.$hash), $content); 316 316 $content = str_replace('###EMAIL###', $_POST[ 'email' ], $content); 317 317 $content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content); -
trunk/wp-admin/includes/upgrade.php
r13227 r13297 196 196 $first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) ); 197 197 198 $first_post = str_replace( "SITE_URL", clean_url("http://" . $current_site->domain . $current_site->path), $first_post );198 $first_post = str_replace( "SITE_URL", esc_url("http://" . $current_site->domain . $current_site->path), $first_post ); 199 199 $first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post ); 200 200 } else { -
trunk/wp-admin/ms-edit.php
r13256 r13297 398 398 case "confirm": 399 399 $referrer = ( isset($_GET['ref']) ) ? stripslashes($_GET['ref']) : $_SERVER['HTTP_REFERER']; 400 $referrer = clean_url($referrer);400 $referrer = esc_url($referrer); 401 401 if ( !headers_sent() ) { 402 402 nocache_headers(); -
trunk/wp-admin/ms-users.php
r12949 r13297 181 181 case 'login': 182 182 $avatar = get_avatar( $user['user_email'], 32 ); 183 $edit = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=".$user['ID'] ) );183 $edit = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=".$user['ID'] ) ); 184 184 // @todo Make delete link work like delete button with transfering users (in ms-edit.php) 185 //$delete = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user['ID'] ) );185 //$delete = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user['ID'] ) ); 186 186 ?> 187 187 <td class="username column-username"> -
trunk/wp-includes/class-oembed.php
r13275 r13297 216 216 217 217 $title = ( !empty($data->title) ) ? $data->title : ''; 218 $return = '<img src="' . esc_ attr( clean_url( $data->url )) . '" alt="' . esc_attr($title) . '" width="' . esc_attr($data->width) . '" height="' . esc_attr($data->height) . '" />';218 $return = '<img src="' . esc_url( $data->url ) . '" alt="' . esc_attr($title) . '" width="' . esc_attr($data->width) . '" height="' . esc_attr($data->height) . '" />'; 219 219 break; 220 220 … … 225 225 226 226 case 'link': 227 $return = ( !empty($data->title) ) ? '<a href="' . clean_url($url) . '">' . esc_html($data->title) . '</a>' : false;227 $return = ( !empty($data->title) ) ? '<a href="' . esc_url($url) . '">' . esc_html($data->title) . '</a>' : false; 228 228 break; 229 229 -
trunk/wp-includes/deprecated.php
r13268 r13297 2071 2071 function sanitize_url( $url, $protocols = null ) { 2072 2072 _deprecated_function( __FUNCTION__, '2.8', 'esc_url_raw()' ); 2073 return clean_url( $url, $protocols, 'db');2073 return esc_url_raw( $url, $protocols ); 2074 2074 } 2075 2075
Note: See TracChangeset
for help on using the changeset viewer.