WordPress.org

Make WordPress Core

Changeset 13299


Ignore:
Timestamp:
02/22/2010 06:25:51 PM (9 years ago)
Author:
nacin
Message:

Deprecate clean_url() for esc_url(). Fixes #12309

Location:
trunk/wp-includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/deprecated.php

    r13297 r13299  
    20752075
    20762076/**
     2077 * Checks and cleans a URL.
     2078 *
     2079 * A number of characters are removed from the URL. If the URL is for displaying
     2080 * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
     2081 * is applied to the returned cleaned URL.
     2082 *
     2083 * @since 1.2.0
     2084 * @deprecated 3.0.0
     2085 * @deprecated Use esc_url()
     2086 * @see Alias for esc_url()
     2087 *
     2088 * @param string $url The URL to be cleaned.
     2089 * @param array $protocols Optional. An array of acceptable protocols.
     2090 * @param string $context Optional. How the URL will be used. Default is 'display'.
     2091 * @return string The cleaned $url after the 'clean_url' filter is applied.
     2092 */
     2093function clean_url( $url, $protocols = null, $context = 'display' ) {
     2094    if ( $context == 'db' )
     2095        _deprecated_function( 'clean_url( $context = \'db\' )', '3.0', 'esc_url_raw()' );
     2096    else
     2097        _deprecated_function( __FUNCTION__, '3.0', 'esc_url()' );
     2098    return esc_url( $url, $protocols, $context );
     2099}
     2100
     2101/**
    20772102 * Escape single quotes, specialchar double quotes, and fix line endings.
    20782103 *
  • trunk/wp-includes/formatting.php

    r13240 r13299  
    21332133
    21342134/**
     2135 * Perform a deep string replace operation to ensure the values in $search are no longer present
     2136 *
     2137 * Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values
     2138 * e.g. $subject = '%0%0%0DDD', $search ='%0D', $result ='' rather than the '%0%0DD' that
     2139 * str_replace would return
     2140 *
     2141 * @since 2.8.1
     2142 * @access private
     2143 *
     2144 * @param string|array $search
     2145 * @param string $subject
     2146 * @return string The processed string
     2147 */
     2148function _deep_replace($search, $subject){
     2149    $found = true;
     2150    while($found) {
     2151        $found = false;
     2152        foreach( (array) $search as $val ) {
     2153            while(strpos($subject, $val) !== false) {
     2154                $found = true;
     2155                $subject = str_replace($val, '', $subject);
     2156            }
     2157        }
     2158    }
     2159
     2160    return $subject;
     2161}
     2162
     2163/**
     2164 * Escapes data for use in a MySQL query
     2165 *
     2166 * This is just a handy shortcut for $wpdb->escape(), for completeness' sake
     2167 *
     2168 * @since 2.8.0
     2169 * @param string $sql Unescaped SQL data
     2170 * @return string The cleaned $sql
     2171 */
     2172function esc_sql( $sql ) {
     2173    global $wpdb;
     2174    return $wpdb->escape( $sql );
     2175}
     2176
     2177/**
    21352178 * Checks and cleans a URL.
    21362179 *
     
    21392182 * is applied to the returned cleaned URL.
    21402183 *
    2141  * @since 1.2.0
     2184 * @since 2.8.0
    21422185 * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
    21432186 *      via $protocols or the common ones set in the function.
     
    21462189 * @param array $protocols Optional. An array of acceptable protocols.
    21472190 *      Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
    2148  * @param string $context Optional. How the URL will be used. Default is 'display'.
     2191 * @param string $_context Private. Use esc_url_raw() for database usage.
    21492192 * @return string The cleaned $url after the 'clean_url' filter is applied.
    21502193 */
    2151 function clean_url( $url, $protocols = null, $context = 'display' ) {
     2194function esc_url( $url, $protocols = null, $_context = 'display' ) {
    21522195    $original_url = $url;
    21532196
     
    21662209
    21672210    // Replace ampersands and single quotes only when displaying.
    2168     if ( 'display' == $context ) {
     2211    if ( 'display' == $_context ) {
    21692212        $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
    21702213        $url = str_replace( "'", ''', $url );
     
    21762219        return '';
    21772220
    2178     return apply_filters('clean_url', $url, $original_url, $context);
    2179 }
    2180 
    2181 /**
    2182  * Perform a deep string replace operation to ensure the values in $search are no longer present
    2183  *
    2184  * Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values
    2185  * e.g. $subject = '%0%0%0DDD', $search ='%0D', $result ='' rather than the '%0%0DD' that
    2186  * str_replace would return
    2187  *
    2188  * @since 2.8.1
    2189  * @access private
    2190  *
    2191  * @param string|array $search
    2192  * @param string $subject
    2193  * @return string The processed string
    2194  */
    2195 function _deep_replace($search, $subject){
    2196     $found = true;
    2197     while($found) {
    2198         $found = false;
    2199         foreach( (array) $search as $val ) {
    2200             while(strpos($subject, $val) !== false) {
    2201                 $found = true;
    2202                 $subject = str_replace($val, '', $subject);
    2203             }
    2204         }
    2205     }
    2206 
    2207     return $subject;
    2208 }
    2209 
    2210 /**
    2211  * Escapes data for use in a MySQL query
    2212  *
    2213  * This is just a handy shortcut for $wpdb->escape(), for completeness' sake
     2221    return apply_filters('clean_url', $url, $original_url, $_context);
     2222}
     2223
     2224/**
     2225 * Performs esc_url() for database usage.
    22142226 *
    22152227 * @since 2.8.0
    2216  * @param string $sql Unescaped SQL data
    2217  * @return string The cleaned $sql
    2218  */
    2219 function esc_sql( $sql ) {
    2220     global $wpdb;
    2221     return $wpdb->escape( $sql );
    2222 }
    2223 
    2224 /**
    2225  * Checks and cleans a URL.
    2226  *
    2227  * A number of characters are removed from the URL. If the URL is for displaying
    2228  * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
    2229  * is applied to the returned cleaned URL.
    2230  *
    2231  * @since 2.8.0
    2232  * @uses clean_url()
    2233  * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
    2234  *      via $protocols or the common ones set in the function.
    2235  *
    2236  * @param string $url The URL to be cleaned.
    2237  * @param array $protocols Optional. An array of acceptable protocols.
    2238  *      Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
    2239  * @return string The cleaned $url after the 'clean_url' filter is applied.
    2240  */
    2241 function esc_url( $url, $protocols = null ) {
    2242     return clean_url( $url, $protocols, 'display' );
    2243 }
    2244 
    2245 /**
    2246  * Performs esc_url() for database usage.
    2247  *
    2248  * @since 2.8.0
    2249  * @uses clean_url()
     2228 * @uses esc_url()
    22502229 *
    22512230 * @param string $url The URL to be cleaned.
     
    22542233 */
    22552234function esc_url_raw( $url, $protocols = null ) {
    2256     return clean_url( $url, $protocols, 'db' );
     2235    return esc_url( $url, $protocols, 'db' );
    22572236}
    22582237
Note: See TracChangeset for help on using the changeset viewer.