#12300 closed enhancement (fixed)
Allow filtration of image src URLs in wp-admin/
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | 3.0 | Priority: | normal |
Severity: | normal | Version: | 3.0 |
Component: | Administration | Keywords: | has-patch commit |
Focuses: | Cc: |
Description
For caching purposes, large multisites will probably want to serve static content from a single (or finite set of) domain(s) rather than from each blog's domain.
Javascript and stylesheet URLs are already filterable, but most of the admin-side images are hardcoded.
Attached uses admin_url()
or includes_url()
on most admin-side images.
The patch intentionally leaves out image src URLs hardcoded in install, upgrade, and maintenance pages where admin_url could (I suppose) not yet be working or may be broken.
Attachments (2)
Change History (11)
#4
in reply to:
↑ 3
@
15 years ago
Replying to nacin:
I'd suggest s/clean_url/esc_url/, though.
I looked to see which one was preferred. I got as far as noting that clean_url() was in formatting.php and assumed esc_url() was only there for parallelism. Can we deprecate clean_url() if it is, in fact, deprecated? (new ticket)
Patch using esc_url() attached.
#5
@
15 years ago
It's kind of confusing, yeah. esc_url_raw() used to be sanitize_url() which was deprecated. clean_url() wasn't deprecated in favor of esc_url() because both esc_url_raw() and esc_url() use it.
We could merge clean_url() into esc_url(), giving the latter the additional $context property and have esc_url_raw() call esc_url() instead, that way we get rid of the alias.
Though it doesn't make much of a difference, the less validation and sanitization functions we have, the less confused plugin authors are, and the more secure the code they write will be.
I'll check this in later.
#9
@
15 years ago
An FYI, this broke an interesting hack employed in the P2 theme: http://wordpress.org/support/topic/380872
Diff isn't showing up on Trac, but it looks good to me.