From 05a37728b1b7e950c0d132024805fc5725c85b4d Mon Sep 17 00:00:00 2001 From: Andrew Nacin Date: Mon, 22 Feb 2010 18:15:10 +0000 Subject: [PATCH] Use esc_url() instead of clean_url(). See #12309 git-svn-id: https://develop.svn.wordpress.org/trunk@13297 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-admin/includes/ms.php | 4 ++-- wp-admin/includes/upgrade.php | 2 +- wp-admin/ms-edit.php | 2 +- wp-admin/ms-users.php | 4 ++-- wp-includes/class-oembed.php | 4 ++-- wp-includes/deprecated.php | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/wp-admin/includes/ms.php b/wp-admin/includes/ms.php index a5691f8484..c97c424cad 100644 --- a/wp-admin/includes/ms.php +++ b/wp-admin/includes/ms.php @@ -261,7 +261,7 @@ Regards, All at ###SITENAME### ###SITEURL###"), $new_admin_email ); - $content = str_replace('###ADMIN_URL###', clean_url(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash), $content); + $content = str_replace('###ADMIN_URL###', esc_url(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash), $content); $content = str_replace('###EMAIL###', $value, $content); $content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content); $content = str_replace('###SITEURL###', 'http://' . $current_site->domain . $current_site->path, $content); @@ -312,7 +312,7 @@ Regards, All at ###SITENAME### ###SITEURL###"), $new_user_email ); - $content = str_replace('###ADMIN_URL###', clean_url(get_option( "siteurl" ).'/wp-admin/profile.php?newuseremail='.$hash), $content); + $content = str_replace('###ADMIN_URL###', esc_url(get_option( "siteurl" ).'/wp-admin/profile.php?newuseremail='.$hash), $content); $content = str_replace('###EMAIL###', $_POST[ 'email' ], $content); $content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content); $content = str_replace('###SITEURL###', 'http://' . $current_site->domain . $current_site->path, $content); 
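Review bot: The `###ADMIN_URL###` replacement now goes through `esc_url()`, which escapes for HTML display (ampersands and single quotes become entities), yet the value is substituted into what looks like a plain-text mail body, where entities are never decoded. With the single `adminhash` argument nothing is altered today, but a `siteurl` containing `&` or a later second query argument would produce a confirmation link that does not work. `esc_url_raw()` is the non-display variant and fits here: `esc_url_raw(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash)`. The same applies to the `profile.php?newuseremail=` line in the `@@ -312,7 +312,7 @@` hunk; both enclosing functions start outside the hunks.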
diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php index b479ddf3e5..9c52b30bb7 100644 --- a/wp-admin/includes/upgrade.php +++ b/wp-admin/includes/upgrade.php @@ -195,7 +195,7 @@ function wp_install_defaults($user_id) { if ( empty($first_post) ) $first_post = stripslashes( __( 'Welcome to SITE_NAME. This is your first post. Edit or delete it, then start blogging!' ) ); - $first_post = str_replace( "SITE_URL", clean_url("http://" . $current_site->domain . $current_site->path), $first_post ); + $first_post = str_replace( "SITE_URL", esc_url("http://" . $current_site->domain . $current_site->path), $first_post ); $first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post ); } else { $first_post = __('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'); diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php index e15d27591e..2b867ca734 100644 --- a/wp-admin/ms-edit.php +++ b/wp-admin/ms-edit.php @@ -397,7 +397,7 @@ switch ( $_GET['action'] ) { // Common case "confirm": $referrer = ( isset($_GET['ref']) ) ? stripslashes($_GET['ref']) : $_SERVER['HTTP_REFERER']; - $referrer = clean_url($referrer); + $referrer = esc_url($referrer); if ( !headers_sent() ) { nocache_headers(); header( 'Content-Type: text/html; charset=utf-8' ); diff --git a/wp-admin/ms-users.php b/wp-admin/ms-users.php index 6aeac062e8..eac3830d95 100644 --- a/wp-admin/ms-users.php +++ b/wp-admin/ms-users.php 
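Review bot: In the `confirm` case of wp-admin/ms-edit.php, `$referrer` is taken from `$_GET['ref']` or the Referer header, and `esc_url()` only escapes it for output and drops disallowed schemes; it places no restriction on the host. The rest of the case lies outside the hunk, so how the value is used cannot be seen here, but if it ends up as a redirect or form target it should be limited to this site first, for example `$referrer = esc_url( wp_validate_redirect( $referrer, admin_url() ) );`. `$_SERVER['HTTP_REFERER']` is also read without an `isset()` check, which raises a notice when the header is absent.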
@@ -180,9 +180,9 @@ if ( isset($_GET['updated']) && $_GET['updated'] == 'true' ) { case 'login': $avatar = get_avatar( $user['user_email'], 32 ); - $edit = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=".$user['ID'] ) ); + $edit = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=".$user['ID'] ) ); // @todo Make delete link work like delete button with transfering users (in ms-edit.php) - //$delete = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user['ID'] ) ); + //$delete = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user['ID'] ) ); ?> diff --git a/wp-includes/class-oembed.php b/wp-includes/class-oembed.php index 611724a76d..58c28b9135 100644 --- a/wp-includes/class-oembed.php +++ b/wp-includes/class-oembed.php @@ -215,7 +215,7 @@ class WP_oEmbed { return false; $title = ( !empty($data->title) ) ? $data->title : ''; - $return = '' . esc_attr($title) . ''; + $return = '' . esc_attr($title) . ''; break; case 'video': @@ -224,7 +224,7 @@ class WP_oEmbed { break; case 'link': - $return = ( !empty($data->title) ) ? '' . esc_html($data->title) . '' : false; + $return = ( !empty($data->title) ) ? '' . esc_html($data->title) . '' : false; break; default; diff --git a/wp-includes/deprecated.php b/wp-includes/deprecated.php index c0471033b0..147fee3f46 100644 --- a/wp-includes/deprecated.php +++ b/wp-includes/deprecated.php 
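Review bot: In the wp-admin/ms-users.php hunk, the inner `esc_url()` on `$_SERVER['REQUEST_URI']` entity-encodes the URI before `urlencode()` runs, so a request URI with more than one query argument is stored in `wp_http_referer` with `&#038;` in place of `&` and no longer round-trips. Only the outer call produces HTML output; the inner one should be the non-display variant, `urlencode( esc_url_raw( stripslashes( $_SERVER['REQUEST_URI'] ) ) )`. The commented-out `$delete` line carries the same pattern and should be changed with it if it is ever re-enabled. The surrounding `switch` starts and ends outside the hunk.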
@@ -2070,7 +2070,7 @@ function get_link($bookmark_id, $output = OBJECT, $filter = 'raw') {
 */
 function sanitize_url( $url, $protocols = null ) {
 _deprecated_function( __FUNCTION__, '2.8', 'esc_url_raw()' );
- return clean_url( $url, $protocols, 'db' );
+ return esc_url_raw( $url, $protocols );
 }
 /**