Use esc_url() instead of clean_url(). See #12309
git-svn-id: http://svn.automattic.com/wordpress/trunk@13297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
ee66f1de17
commit
5656a345b9
@ -261,7 +261,7 @@ Regards,
|
|||||||
All at ###SITENAME###
|
All at ###SITENAME###
|
||||||
###SITEURL###"), $new_admin_email );
|
###SITEURL###"), $new_admin_email );
|
||||||
|
|
||||||
$content = str_replace('###ADMIN_URL###', clean_url(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash), $content);
|
$content = str_replace('###ADMIN_URL###', esc_url(get_option( "siteurl" ).'/wp-admin/options.php?adminhash='.$hash), $content);
|
||||||
$content = str_replace('###EMAIL###', $value, $content);
|
$content = str_replace('###EMAIL###', $value, $content);
|
||||||
$content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content);
|
$content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content);
|
||||||
$content = str_replace('###SITEURL###', 'http://' . $current_site->domain . $current_site->path, $content);
|
$content = str_replace('###SITEURL###', 'http://' . $current_site->domain . $current_site->path, $content);
|
||||||
@ -312,7 +312,7 @@ Regards,
|
|||||||
All at ###SITENAME###
|
All at ###SITENAME###
|
||||||
###SITEURL###"), $new_user_email );
|
###SITEURL###"), $new_user_email );
|
||||||
|
|
||||||
$content = str_replace('###ADMIN_URL###', clean_url(get_option( "siteurl" ).'/wp-admin/profile.php?newuseremail='.$hash), $content);
|
$content = str_replace('###ADMIN_URL###', esc_url(get_option( "siteurl" ).'/wp-admin/profile.php?newuseremail='.$hash), $content);
|
||||||
$content = str_replace('###EMAIL###', $_POST[ 'email' ], $content);
|
$content = str_replace('###EMAIL###', $_POST[ 'email' ], $content);
|
||||||
$content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content);
|
$content = str_replace('###SITENAME###', get_site_option( 'site_name' ), $content);
|
||||||
$content = str_replace('###SITEURL###', 'http://' . $current_site->domain . $current_site->path, $content);
|
$content = str_replace('###SITEURL###', 'http://' . $current_site->domain . $current_site->path, $content);
|
||||||
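Review bot: `esc_url()` escapes for HTML display (it rewrites `&` as `&#038;` and `'` as `&#039;`), but both `###ADMIN_URL###` replacements in this file feed a message body that reads like a plain-text e-mail. Each link carries only one query argument today, so nothing is mangled yet, but a second argument or an apostrophe in `siteurl` would produce a confirmation link that no longer resolves. If the mail is sent as text/plain, `esc_url_raw()` is the fitting call, e.g. `esc_url_raw( get_option( 'siteurl' ) . '/wp-admin/options.php?adminhash=' . $hash )`. The enclosing functions start and end outside the hunks, so the content type is inferred from the template text only.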
|
@ -195,7 +195,7 @@ function wp_install_defaults($user_id) {
|
|||||||
if ( empty($first_post) )
|
if ( empty($first_post) )
|
||||||
$first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) );
|
$first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) );
|
||||||
|
|
||||||
$first_post = str_replace( "SITE_URL", clean_url("http://" . $current_site->domain . $current_site->path), $first_post );
|
$first_post = str_replace( "SITE_URL", esc_url("http://" . $current_site->domain . $current_site->path), $first_post );
|
||||||
$first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post );
|
$first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post );
|
||||||
} else {
|
} else {
|
||||||
$first_post = __('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!');
|
$first_post = __('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!');
|
||||||
|
@ -397,7 +397,7 @@ switch ( $_GET['action'] ) {
|
|||||||
// Common
|
// Common
|
||||||
case "confirm":
|
case "confirm":
|
||||||
$referrer = ( isset($_GET['ref']) ) ? stripslashes($_GET['ref']) : $_SERVER['HTTP_REFERER'];
|
$referrer = ( isset($_GET['ref']) ) ? stripslashes($_GET['ref']) : $_SERVER['HTTP_REFERER'];
|
||||||
$referrer = clean_url($referrer);
|
$referrer = esc_url($referrer);
|
||||||
if ( !headers_sent() ) {
|
if ( !headers_sent() ) {
|
||||||
nocache_headers();
|
nocache_headers();
|
||||||
header( 'Content-Type: text/html; charset=utf-8' );
|
header( 'Content-Type: text/html; charset=utf-8' );
|
||||||
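Review bot: `esc_url()` on `$referrer` only filters the scheme and entity-encodes the string; it does not tie the value to this site, and both `$_GET['ref']` and the Referer header are caller-controlled. How `$referrer` is used lies below the hunk; if it becomes a redirect target or a return link it should first pass through `wp_validate_redirect( $referrer, admin_url() )` or be sent with `wp_safe_redirect()`, and a value bound for a header rather than markup wants `esc_url_raw()`. The fallback also reads `$_SERVER['HTTP_REFERER']` without an `isset()` check, which raises a notice when the header is absent.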
|
@ -180,9 +180,9 @@ if ( isset($_GET['updated']) && $_GET['updated'] == 'true' ) {
|
|||||||
|
|
||||||
case 'login':
|
case 'login':
|
||||||
$avatar = get_avatar( $user['user_email'], 32 );
|
$avatar = get_avatar( $user['user_email'], 32 );
|
||||||
$edit = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=".$user['ID'] ) );
|
$edit = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=".$user['ID'] ) );
|
||||||
// @todo Make delete link work like delete button with transfering users (in ms-edit.php)
|
// @todo Make delete link work like delete button with transfering users (in ms-edit.php)
|
||||||
//$delete = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user['ID'] ) );
|
//$delete = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), wp_nonce_url( 'ms-edit.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user['ID'] ) );
|
||||||
?>
|
?>
|
||||||
<td class="username column-username">
|
<td class="username column-username">
|
||||||
<?php echo $avatar; ?><strong><a href="<?php echo $edit; ?>" class="edit"><?php echo stripslashes($user['user_login']); ?></a></strong>
|
<?php echo $avatar; ?><strong><a href="<?php echo $edit; ?>" class="edit"><?php echo stripslashes($user['user_login']); ?></a></strong>
|
||||||
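Review bot: The inner `esc_url()` on `$_SERVER['REQUEST_URI']` entity-encodes the value before `urlencode()` sees it, so any `&` in the current URL travels inside `wp_http_referer` as a literal `&#038;` and the return link comes back with broken query arguments. That inner call builds a query-string value, not markup, so it should be `urlencode( esc_url_raw( stripslashes( $_SERVER['REQUEST_URI'] ) ) )`; the outer `esc_url()` already covers the `href` output. The commented-out `$delete` line repeats the same pattern. In the same cell, `stripslashes($user['user_login'])` is echoed without `esc_html()`.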
|
@ -215,7 +215,7 @@ class WP_oEmbed {
|
|||||||
return false;
|
return false;
|
||||||
|
|
||||||
$title = ( !empty($data->title) ) ? $data->title : '';
|
$title = ( !empty($data->title) ) ? $data->title : '';
|
||||||
$return = '<img src="' . esc_attr( clean_url( $data->url ) ) . '" alt="' . esc_attr($title) . '" width="' . esc_attr($data->width) . '" height="' . esc_attr($data->height) . '" />';
|
$return = '<img src="' . esc_url( $data->url ) . '" alt="' . esc_attr($title) . '" width="' . esc_attr($data->width) . '" height="' . esc_attr($data->height) . '" />';
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'video':
|
case 'video':
|
||||||
@ -224,7 +224,7 @@ class WP_oEmbed {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case 'link':
|
case 'link':
|
||||||
$return = ( !empty($data->title) ) ? '<a href="' . clean_url($url) . '">' . esc_html($data->title) . '</a>' : false;
|
$return = ( !empty($data->title) ) ? '<a href="' . esc_url($url) . '">' . esc_html($data->title) . '</a>' : false;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default;
|
default;
|
||||||
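Review bot: In the photo branch, `esc_url( $data->url )` returns an empty string when the provider-supplied URL uses a protocol outside the allowed list, and the code still emits `<img src="" ...>`. The data comes from a remote oEmbed endpoint, so rejecting the response is cleaner than rendering an empty `src`: `$src = esc_url( $data->url ); if ( '' === $src ) return false;` before building `$return`. `width` and `height` could likewise be forced to integers with `absint()` rather than passed through `esc_attr()`. The switch and the earlier `return false;` guard begin outside the hunk.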
|
@ -2070,7 +2070,7 @@ function get_link($bookmark_id, $output = OBJECT, $filter = 'raw') {
|
|||||||
*/
|
*/
|
||||||
function sanitize_url( $url, $protocols = null ) {
|
function sanitize_url( $url, $protocols = null ) {
|
||||||
_deprecated_function( __FUNCTION__, '2.8', 'esc_url_raw()' );
|
_deprecated_function( __FUNCTION__, '2.8', 'esc_url_raw()' );
|
||||||
return clean_url( $url, $protocols, 'db' );
|
return esc_url_raw( $url, $protocols );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|