Definition:
function esc_url( $url, $protocols = null, $_context = 'display' ) {}
Checks and cleans a URL.
A number of characters are removed from the URL. If the URL is for displaying (the default behaviour) ampersands are also replaced. The ‘clean_url’ filter is applied to the returned cleaned URL.
Parameters
- string $url: The URL to be cleaned.
- array $protocols: Optional. An array of acceptable protocols. Defaults to ‘http’, ‘https’, ‘ftp’, ‘ftps’, ‘mailto’, ‘news’, ‘irc’, ‘gopher’, ‘nntp’, ‘feed’, ‘telnet’, ‘mms’, ‘rtsp’, ‘svn’ if not set.
- string $_context: Private. Use esc_url_raw() for database usage.
Return values
returns: The cleaned $url after the ‘clean_url’ filter is applied.
Defined filters
- clean_url
apply_filters('clean_url', $url, $original_url, $_context)
Source code
function esc_url( $url, $protocols = null, $_context = 'display' ) {
	$original_url = $url;

	if ( '' == $url )
		return $url;
	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
	$strip = array('%0d', '%0a', '%0D', '%0A');
	$url = _deep_replace($strip, $url);
	$url = str_replace(';//', '://', $url);
	/* If the URL doesn't appear to contain a scheme, we
	 * presume it needs http:// appended (unless a relative
	 * link starting with /, # or ? or a php file).
	 */
	if ( strpos($url, ':') === false && ! in_array( $url[0], array( '/', '#', '?' ) ) &&
		! preg_match('/^[a-z0-9-]+?\.php/i', $url) )
		$url = 'http://' . $url;

	// Replace ampersands and single quotes only when displaying.
	if ( 'display' == $_context ) {
		$url = wp_kses_normalize_entities( $url );
		$url = str_replace( '&amp;', '&#038;', $url );
		$url = str_replace( "'", '&#039;', $url );
	}

	if ( ! is_array( $protocols ) )
		$protocols = wp_allowed_protocols();
	if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
		return '';

	return apply_filters('clean_url', $url, $original_url, $_context);
}
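The source above removes the `%0d`/`%0a` tokens with `_deep_replace()` rather than a single `str_replace()`; in WordPress, `_deep_replace()` repeats the replacement until nothing more is removed. The stand-alone PHP below is an added example, not WordPress code: `strip_once()`, `strip_until_stable()` and `has_token()` are hypothetical helpers, and the URLs are constructed samples.

```php
<?php
// Added illustration, not WordPress code: strip_once() and strip_until_stable()
// are hypothetical helpers, and the URLs below are constructed samples.

$strip = array( '%0d', '%0a', '%0D', '%0A' );

// One pass: str_replace() handles each token in turn and never rescans
// text it has already stitched together.
function strip_once( array $search, $subject ) {
	return str_replace( $search, '', $subject );
}

// Repeat until a full pass changes nothing, so a token that only forms
// after an earlier removal is removed as well.
function strip_until_stable( array $search, $subject ) {
	do {
		$before  = $subject;
		$subject = str_replace( $search, '', $subject );
	} while ( $subject !== $before );
	return $subject;
}

// True if any of the tokens is still present in $subject.
function has_token( array $search, $subject ) {
	foreach ( $search as $token ) {
		if ( strpos( $subject, $token ) !== false ) {
			return true;
		}
	}
	return false;
}

$samples = array(
	'http://example.com/a%0d%0ab',   // tokens appear literally
	'http://example.com/a%0%0ddb',   // '%0d' split around another '%0d'
	'http://example.com/a%0%0adb',   // '%0d' split around a '%0a'
);

foreach ( $samples as $url ) {
	$once   = strip_once( $strip, $url );
	$stable = strip_until_stable( $strip, $url );
	printf(
		"%-30s once: %-26s [%s]  looped: %-24s [%s]\n",
		$url,
		$once, has_token( $strip, $once ) ? 'token left' : 'clean',
		$stable, has_token( $strip, $stable ) ? 'token left' : 'clean'
	);
}
```

The script runs with the `php` command line binary and does not need a WordPress install.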

February 11, 2011 

