WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
09/24/2015 07:31:40 PM (10 years ago)
Author:
DrewAPicture
Message:

Docs: Overhaul the DocBlock for add_query_arg() to attempt to better explain the various call signatures it accepts.

Also adds a couple of in-DocBlock examples illustrating single key and value, and associative array usage. Retains the note about the unescaped return value.

Props johnbillion.
See #33912.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/functions.php

    r34348 r34511  
    671671
    672672/**
    673  * Retrieve a modified URL query string.
    674  *
    675  * You can rebuild the URL and append a new query variable to the URL query by
    676  * using this function. You can also retrieve the full URL with query data.
    677  *
    678  * Adding a single key & value or an associative array. Setting a key value to
    679  * an empty string removes the key. Omitting oldquery_or_uri uses the $_SERVER
    680  * value. Additional values provided are expected to be encoded appropriately
    681  * with urlencode() or rawurlencode().
    682  *
    683  * Important: The return value of add_query_arg() is not escaped by default.
    684  * Output should be late-escaped with esc_url() or similar to help prevent
    685  * vulnerability to cross-site scripting (XSS) attacks.
     673 * Retrieves a modified URL query string.
     674 *
     675 * You can rebuild the URL and append query variables to the URL query by using this function.
     676 * There are two ways to use this function; either a single key and value, or an associative array.
     677 *
     678 * Using a single key and value:
     679 *
     680 *     add_query_arg( 'key', 'value', 'http://example.com' );
     681 *
     682 * Using an associative array:
     683 *
     684 *     add_query_arg( array(
     685 *         'key1' => 'value1',
     686 *         'key2' => 'value2',
     687 *     ), 'http://example.com' );
     688 *
     689 * Omitting the URL from either use results in the current URL being used
     690 * (the value of `$_SERVER['REQUEST_URI']`).
     691 *
     692 * Values are expected to be encoded appropriately with urlencode() or rawurlencode().
     693 *
     694 * Setting any query variable's value to boolean false removes the key (see remove_query_arg()).
     695 *
     696 * Important: The return value of add_query_arg() is not escaped by default. Output should be
     697 * late-escaped with esc_url() or similar to help prevent vulnerability to cross-site scripting
     698 * (XSS) attacks.
    686699 *
    687700 * @since 1.5.0
    688701 *
    689  * @param string|array $param1 Either newkey or an associative_array.
    690  * @param string       $param2 Either newvalue or oldquery or URI.
    691  * @param string       $param3 Optional. Old query or URI.
    692  * @return string New URL query string.
     702 * @param string|array $key   Either a query variable key, or an associative array of query variables.
     703 * @param string       $value Optional. Either a query variable value, or a URL to act upon.
     704 * @param string       $url   Optional. A URL to act upon.
     705 * @return string New URL query string (unescaped).
    693706 */
    694707function add_query_arg() {
Note: See TracChangeset for help on using the changeset viewer.