Changeset 13299

Timestamp:

02/22/2010 06:25:51 PM (15 years ago)

Author:

nacin

Message:

Deprecate clean_url() for esc_url(). Fixes #12309

Location:

trunk/wp-includes

Files:

• deprecated.php (modified) (1 diff)
• formatting.php (modified) (6 diffs)

trunk/wp-includes/deprecated.php

@@ -2075 +2075 @@
 
 /**
+ * Checks and cleans a URL.
+ *
+ * A number of characters are removed from the URL. If the URL is for displaying
+ * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
+ * is applied to the returned cleaned URL.
+ *
+ * @since 1.2.0
+ * @deprecated 3.0.0
+ * @deprecated Use esc_url()
+ * @see Alias for esc_url()
+ *
+ * @param string $url The URL to be cleaned.
+ * @param array $protocols Optional. An array of acceptable protocols.
+ * @param string $context Optional. How the URL will be used. Default is 'display'.
+ * @return string The cleaned $url after the 'clean_url' filter is applied.
+ */
+function clean_url( $url, $protocols = null, $context = 'display' ) {
+    if ( $context == 'db' )
+        _deprecated_function( 'clean_url( $context = \'db\' )', '3.0', 'esc_url_raw()' );
+    else
+        _deprecated_function( __FUNCTION__, '3.0', 'esc_url()' );
+    return esc_url( $url, $protocols, $context );
+}
+
+/**
  * Escape single quotes, specialchar double quotes, and fix line endings.
  *

trunk/wp-includes/formatting.php

@@ -2133 +2133 @@
 
 /**
+ * Perform a deep string replace operation to ensure the values in $search are no longer present
+ *
+ * Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values
+ * e.g. $subject = '%0%0%0DDD', $search ='%0D', $result ='' rather than the '%0%0DD' that
+ * str_replace would return
+ *
+ * @since 2.8.1
+ * @access private
+ *
+ * @param string|array $search
+ * @param string $subject
+ * @return string The processed string
+ */
+function _deep_replace($search, $subject){
+    $found = true;
+    while($found) {
+        $found = false;
+        foreach( (array) $search as $val ) {
+            while(strpos($subject, $val) !== false) {
+                $found = true;
+                $subject = str_replace($val, '', $subject);
+            }
+        }
+    }
+
+    return $subject;
+}
+
+/**
+ * Escapes data for use in a MySQL query
+ *
+ * This is just a handy shortcut for $wpdb->escape(), for completeness' sake
+ *
+ * @since 2.8.0
+ * @param string $sql Unescaped SQL data
+ * @return string The cleaned $sql
+ */
+function esc_sql( $sql ) {
+    global $wpdb;
+    return $wpdb->escape( $sql );
+}
+
+/**
  * Checks and cleans a URL.
  *
@@ -2139 +2182 @@
  * is applied to the returned cleaned URL.
  *
- * @since 1.2.0
+ * @since 2.8.0
  * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
  *      via $protocols or the common ones set in the function.
@@ -2146 +2189 @@
  * @param array $protocols Optional. An array of acceptable protocols.
  *      Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
- * @param string $context Optional. How the URL will be used. Default is 'display'.
+ * @param string $_context Private. Use esc_url_raw() for database usage.
  * @return string The cleaned $url after the 'clean_url' filter is applied.
  */
-function clean_url( $url, $protocols = null, $context = 'display' ) {
+function esc_url( $url, $protocols = null, $_context = 'display' ) {
     $original_url = $url;
 
@@ -2166 +2209 @@
 
     // Replace ampersands and single quotes only when displaying.
-    if ( 'display' == $context ) {
+    if ( 'display' == $_context ) {
         $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
         $url = str_replace( "'", ''', $url );
@@ -2176 +2219 @@
         return '';
 
-    return apply_filters('clean_url', $url, $original_url, $context);
-}
-
-/**
- * Perform a deep string replace operation to ensure the values in $search are no longer present
- *
- * Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values
- * e.g. $subject = '%0%0%0DDD', $search ='%0D', $result ='' rather than the '%0%0DD' that
- * str_replace would return
- *
- * @since 2.8.1
- * @access private
- *
- * @param string|array $search
- * @param string $subject
- * @return string The processed string
- */
-function _deep_replace($search, $subject){
-    $found = true;
-    while($found) {
-        $found = false;
-        foreach( (array) $search as $val ) {
-            while(strpos($subject, $val) !== false) {
-                $found = true;
-                $subject = str_replace($val, '', $subject);
-            }
-        }
-    }
-
-    return $subject;
-}
-
-/**
- * Escapes data for use in a MySQL query
- *
- * This is just a handy shortcut for $wpdb->escape(), for completeness' sake
+    return apply_filters('clean_url', $url, $original_url, $_context);
+}
+
+/**
+ * Performs esc_url() for database usage.
  *
  * @since 2.8.0
- * @param string $sql Unescaped SQL data
- * @return string The cleaned $sql
- */
-function esc_sql( $sql ) {
-    global $wpdb;
-    return $wpdb->escape( $sql );
-}
-
-/**
- * Checks and cleans a URL.
- *
- * A number of characters are removed from the URL. If the URL is for displaying
- * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
- * is applied to the returned cleaned URL.
- *
- * @since 2.8.0
- * @uses clean_url()
- * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
- *      via $protocols or the common ones set in the function.
- *
- * @param string $url The URL to be cleaned.
- * @param array $protocols Optional. An array of acceptable protocols.
- *      Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
- * @return string The cleaned $url after the 'clean_url' filter is applied.
- */
-function esc_url( $url, $protocols = null ) {
-    return clean_url( $url, $protocols, 'display' );
-}
-
-/**
- * Performs esc_url() for database usage.
- *
- * @since 2.8.0
- * @uses clean_url()
+ * @uses esc_url()
  *
  * @param string $url The URL to be cleaned.
@@ -2254 +2233 @@
  */
 function esc_url_raw( $url, $protocols = null ) {
-    return clean_url( $url, $protocols, 'db' );
+    return esc_url( $url, $protocols, 'db' );
 }