Make WordPress Core


Ignore:
Timestamp:
05/02/2010 10:53:59 PM (15 years ago)
Author:
ryan
Message:

Escape links by default. Props alexkingorg. see #13051

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/link-template.php

    r14208 r14347  
    18251825 * @return string Home url link with optional path appended.
    18261826*/
    1827 function home_url( $path = '', $scheme = null ) {
    1828     return get_home_url(null, $path, $scheme);
     1827function home_url( $path = '', $scheme = null, $esc_url = true ) {
     1828    return get_home_url(null, $path, $scheme, $esc_url);
    18291829}
    18301830
     
    18441844 * @return string Home url link with optional path appended.
    18451845*/
    1846 function get_home_url( $blog_id = null, $path = '', $scheme = null ) {
     1846function get_home_url( $blog_id = null, $path = '', $scheme = null, $esc_url = true ) {
    18471847    $orig_scheme = $scheme;
    18481848
     
    18601860        $url .= '/' . ltrim( $path, '/' );
    18611861
    1862     return apply_filters( 'home_url', $url, $path, $orig_scheme, $blog_id );
     1862    $url = apply_filters( 'home_url', $url, $path, $orig_scheme, $blog_id );
     1863
     1864    if ( $esc_url )
     1865        $url = esc_url($url);
     1866
     1867    return $url;
    18631868}
    18641869
     
    18791884 * @return string Site url link with optional path appended.
    18801885*/
    1881 function site_url( $path = '', $scheme = null ) {
    1882     return get_site_url(null, $path, $scheme);
     1886function site_url( $path = '', $scheme = null, $esc_url = true ) {
     1887    return get_site_url(null, $path, $scheme, $esc_url);
    18831888}
    18841889
     
    18981903 * @return string Site url link with optional path appended.
    18991904*/
    1900 function get_site_url( $blog_id = null, $path = '', $scheme = null ) {
     1905function get_site_url( $blog_id = null, $path = '', $scheme = null, $esc_url = true ) {
    19011906    // should the list of allowed schemes be maintained elsewhere?
    19021907    $orig_scheme = $scheme;
     
    19221927        $url .= '/' . ltrim($path, '/');
    19231928
    1924     return apply_filters('site_url', $url, $path, $orig_scheme, $blog_id);
     1929    $url = apply_filters('site_url', $url, $path, $orig_scheme, $blog_id);
     1930
     1931    if ( $esc_url )
     1932        $url = esc_url($url);
     1933
     1934    return $url;
    19251935}
    19261936
     
    19351945 * @return string Admin url link with optional path appended
    19361946*/
    1937 function admin_url( $path = '', $scheme = 'admin' ) {
    1938     return get_admin_url(null, $path, $scheme);
     1947function admin_url( $path = '', $scheme = 'admin', $esc_url = true ) {
     1948    return get_admin_url(null, $path, $scheme, $esc_url);
    19391949}
    19401950
     
    19501960 * @return string Admin url link with optional path appended
    19511961*/
    1952 function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin' ) {
     1962function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin', $esc_url = true ) {
    19531963    $url = get_site_url($blog_id, 'wp-admin/', $scheme);
    19541964
     
    19561966        $url .= ltrim($path, '/');
    19571967
    1958     return apply_filters('admin_url', $url, $path, $blog_id);
     1968    $url = apply_filters('admin_url', $url, $path, $blog_id);
     1969
     1970    if ( $esc_url )
     1971        $url = esc_url($url);
     1972
     1973    return $url;
    19591974}
    19601975
     
    19681983 * @return string Includes url link with optional path appended.
    19691984*/
    1970 function includes_url($path = '') {
     1985function includes_url($path = '', $esc_url = true) {
    19711986    $url = site_url() . '/' . WPINC . '/';
    19721987
     
    19741989        $url .= ltrim($path, '/');
    19751990
    1976     return apply_filters('includes_url', $url, $path);
     1991    $url = apply_filters('includes_url', $url, $path);
     1992
     1993    if ( $esc_url )
     1994        $url = esc_url($url);
     1995
     1996    return $url;
    19771997}
    19781998
     
    19862006 * @return string Content url link with optional path appended.
    19872007*/
    1988 function content_url($path = '') {
     2008function content_url($path = '', $esc_url = true) {
    19892009    $url = WP_CONTENT_URL;
    19902010    if ( 0 === strpos($url, 'http') && is_ssl() )
     
    19942014        $url .= '/' . ltrim($path, '/');
    19952015
    1996     return apply_filters('content_url', $url, $path);
     2016    $url = apply_filters('content_url', $url, $path);
     2017
     2018    if ( $esc_url )
     2019        $url = esc_url($url);
     2020
     2021    return $url;
    19972022}
    19982023
     
    20082033 * @return string Plugins url link with optional path appended.
    20092034*/
    2010 function plugins_url($path = '', $plugin = '') {
     2035function plugins_url($path = '', $plugin = '', $esc_url = true) {
    20112036
    20122037    $mu_plugin_dir = WPMU_PLUGIN_DIR;
     
    20332058        $url .= '/' . ltrim($path, '/');
    20342059
    2035     return apply_filters('plugins_url', $url, $path, $plugin);
     2060    $url = apply_filters('plugins_url', $url, $path, $plugin);
     2061
     2062    if ( $esc_url )
     2063        $url = esc_url($url);
     2064
     2065    return $url;
     2066
    20362067}
    20372068
     
    20502081 * @return string Site url link with optional path appended.
    20512082*/
    2052 function network_site_url( $path = '', $scheme = null ) {
     2083function network_site_url( $path = '', $scheme = null, $esc_url = true ) {
    20532084    global $current_site;
    20542085
     
    20752106        $url .= ltrim($path, '/');
    20762107
    2077     return apply_filters('network_site_url', $url, $path, $orig_scheme);
     2108    $url = apply_filters('network_site_url', $url, $path, $orig_scheme);
     2109
     2110    if ( $esc_url )
     2111        $url = esc_url($url);
     2112
     2113    return $url;
    20782114}
    20792115
     
    20922128 * @return string Home url link with optional path appended.
    20932129*/
    2094 function network_home_url( $path = '', $scheme = null ) {
     2130function network_home_url( $path = '', $scheme = null, $esc_url = true ) {
    20952131    global $current_site;
    20962132
     
    21102146        $url .= ltrim( $path, '/' );
    21112147
    2112     return apply_filters( 'network_home_url', $url, $path, $orig_scheme);
     2148    $url = apply_filters( 'network_home_url', $url, $path, $orig_scheme);
     2149
     2150    if ( $esc_url )
     2151        $url = esc_url($url);
     2152
     2153    return $url;
    21132154}
    21142155
     
    21232164 * @return string Admin url link with optional path appended
    21242165*/
    2125 function network_admin_url( $path = '', $scheme = 'admin' ) {
     2166function network_admin_url( $path = '', $scheme = 'admin', $esc_url = true ) {
    21262167    $url = network_site_url('wp-admin/', $scheme);
    21272168
     
    21292170        $url .= ltrim($path, '/');
    21302171
    2131     return apply_filters('network_admin_url', $url, $path);
     2172    $url = apply_filters('network_admin_url', $url, $path);
     2173
     2174    if ( $esc_url )
     2175        $url = esc_url($url);
     2176
     2177    return $url;
    21322178}
    21332179
Note: See TracChangeset for help on using the changeset viewer.