From cd767cd7a85aa30af978d2b1f30a3843e5f35ecd Mon Sep 17 00:00:00 2001
From: nacin
Date: Mon, 22 Feb 2010 18:25:51 +0000
Subject: [PATCH] Deprecate clean_url() for esc_url(). Fixes #12309

git-svn-id: http://svn.automattic.com/wordpress/trunk@13299 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/deprecated.php | 25 ++++++++++++
 wp-includes/formatting.php | 83 ++++++++++++++------------------------
 2 files changed, 56 insertions(+), 52 deletions(-)

diff --git a/wp-includes/deprecated.php b/wp-includes/deprecated.php
index 147fee3f46..27253dc680 100644
--- a/wp-includes/deprecated.php
+++ b/wp-includes/deprecated.php
@@ -2073,6 +2073,31 @@ function sanitize_url( $url, $protocols = null ) {
 return esc_url_raw( $url, $protocols );
 }
 
+/**
+ * Checks and cleans a URL.
+ *
+ * A number of characters are removed from the URL. If the URL is for displaying
+ * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
+ * is applied to the returned cleaned URL.
+ *
+ * @since 1.2.0
+ * @deprecated 3.0.0
+ * @deprecated Use esc_url()
+ * @see Alias for esc_url()
+ *
+ * @param string $url The URL to be cleaned.
+ * @param array $protocols Optional. An array of acceptable protocols.
+ * @param string $context Optional. How the URL will be used. Default is 'display'.
+ * @return string The cleaned $url after the 'clean_url' filter is applied.
+ */
+function clean_url( $url, $protocols = null, $context = 'display' ) {
+ if ( $context == 'db' )
+ _deprecated_function( 'clean_url( $context = \'db\' )', '3.0', 'esc_url_raw()' );
+ else
+ _deprecated_function( __FUNCTION__, '3.0', 'esc_url()' );
+ return esc_url( $url, $protocols, $context );
+}
+
 /**
 * Escape single quotes, specialchar double quotes, and fix line endings.
 *
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 4d10eb5cbb..5a009bae64 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
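Review bot: The deprecation branch in the new `clean_url()` wrapper keys on `$context == 'db'`, but the `esc_url()` body added later in this patch treats every value other than 'display' as the non-encoding path. A legacy caller passing any other context string is therefore told to switch to `esc_url()`, and following that advice would change its output to the entity-encoded form. Testing the display case keeps the notice consistent with the behaviour: `if ( 'display' != $context )` in front of the `esc_url_raw()` notice. The docblock also carries two `@deprecated` tags and a prose `@see`; a single `@deprecated 3.0.0 Use esc_url()` with `@see esc_url()` would read more cleanly.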
@@ -2131,53 +2131,6 @@ function wp_htmledit_pre($output) {
 return apply_filters('htmledit_pre', $output);
 }
 
-/**
- * Checks and cleans a URL.
- *
- * A number of characters are removed from the URL. If the URL is for displaying
- * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
- * is applied to the returned cleaned URL.
- *
- * @since 1.2.0
- * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
- * via $protocols or the common ones set in the function.
- *
- * @param string $url The URL to be cleaned.
- * @param array $protocols Optional. An array of acceptable protocols.
- * Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
- * @param string $context Optional. How the URL will be used. Default is 'display'.
- * @return string The cleaned $url after the 'clean_url' filter is applied.
- */
-function clean_url( $url, $protocols = null, $context = 'display' ) {
- $original_url = $url;
-
- if ('' == $url) return $url;
- $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
- $strip = array('%0d', '%0a', '%0D', '%0A');
- $url = _deep_replace($strip, $url);
- $url = str_replace(';//', '://', $url);
- /* If the URL doesn't appear to contain a scheme, we
- * presume it needs http:// appended (unless a relative
- * link starting with / or a php file).
- */
- if ( strpos($url, ':') === false &&
- substr( $url, 0, 1 ) != '/' && substr( $url, 0, 1 ) != '#' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
- $url = 'http://' . $url;
-
- // Replace ampersands and single quotes only when displaying.
- if ( 'display' == $context ) {
- $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
- $url = str_replace( "'", ''', $url );
- }
-
- if ( !is_array($protocols) )
- $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
- if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
- return '';
-
- return apply_filters('clean_url', $url, $original_url, $context);
-}
-
 /**
 * Perform a deep string replace operation to ensure the values in $search are no longer present
 *
@@ -2229,31 +2182,57 @@ function esc_sql( $sql ) {
 * is applied to the returned cleaned URL.
 *
 * @since 2.8.0
- * @uses clean_url()
 * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
 * via $protocols or the common ones set in the function.
 *
 * @param string $url The URL to be cleaned.
 * @param array $protocols Optional. An array of acceptable protocols.
 * Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
+ * @param string $_context Private. Use esc_url_raw() for database usage.
 * @return string The cleaned $url after the 'clean_url' filter is applied.
 */
-function esc_url( $url, $protocols = null ) {
- return clean_url( $url, $protocols, 'display' );
+function esc_url( $url, $protocols = null, $_context = 'display' ) {
+ $original_url = $url;
+
+ if ('' == $url) return $url;
+ $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
+ $strip = array('%0d', '%0a', '%0D', '%0A');
+ $url = _deep_replace($strip, $url);
+ $url = str_replace(';//', '://', $url);
+ /* If the URL doesn't appear to contain a scheme, we
+ * presume it needs http:// appended (unless a relative
+ * link starting with / or a php file).
+ */
+ if ( strpos($url, ':') === false &&
+ substr( $url, 0, 1 ) != '/' && substr( $url, 0, 1 ) != '#' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
+ $url = 'http://' . $url;
+
+ // Replace ampersands and single quotes only when displaying.
+ if ( 'display' == $_context ) {
+ $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
+ $url = str_replace( "'", ''', $url );
+ }
+
+ if ( !is_array($protocols) )
+ $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
+ if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
+ return '';
+
+ return apply_filters('clean_url', $url, $original_url, $_context);
 }
 
 /**
 * Performs esc_url() for database usage.
 *
 * @since 2.8.0
- * @uses clean_url()
+ * @uses esc_url()
 *
 * @param string $url The URL to be cleaned.
 * @param array $protocols An array of acceptable protocols.
 * @return string The cleaned URL.
 */
 function esc_url_raw( $url, $protocols = null ) {
- return clean_url( $url, $protocols, 'db' );
+ return esc_url( $url, $protocols, 'db' );
 }
 
 /**
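Review bot: Adding `$_context` to the public signature of `esc_url()` means any caller that passes a third argument other than 'display' gets a URL with the ampersand and single-quote encoding skipped, where the removed body hard-coded 'display'. The docblock marks the parameter Private, but nothing in the function enforces that. Because this is an output-escaping function, the doc line should state the consequence, for example `@param string $_context Private. Any value other than 'display' skips the ampersand and single-quote encoding, so the result must not be printed into HTML. Use esc_url_raw() for database usage.` The value returned by the 'clean_url' filter at the end of `esc_url()` is handed back without a further check, so a short comment there saying callbacks must return an already-escaped URL would help as well. Both `esc_url()` and `esc_url_raw()` are fully visible in this hunk.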