Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#12309 closed enhancement (fixed)

Deprecate clean_url() in favor of esc_url() and esc_url_raw()

Reported by: nacin Owned by: nacin
Milestone: 3.0 Priority: normal
Severity: normal Version:
Component: Inline Docs Keywords:
Focuses: Cc:


Though eliminating a straight alias doesn't make much of a difference, the less validation and sanitization functions we have, the less confused plugin authors are, which hopefully means they try to write more secure the code.

We should merge clean_url() into esc_url(), giving esc_url() a $_context argument. esc_url_raw() can then call esc_url() with a $_context of 'db'.

Attachments (1)

12309.diff (6.2 KB) - added by nacin 6 years ago.

Download all attachments as: .zip

Change History (3)

@nacin6 years ago

comment:1 @nacin6 years ago

(In [13297]) Use esc_url() instead of clean_url(). See #12309

comment:2 @nacin6 years ago

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.