Advertisements

esc_url

Definition:
function esc_url( $url, $protocols = null, $_context = 'display' ) {}

Checks and cleans a URL.
A number of characters are removed from the URL. If the URL is for displaying (the default behaviour) ampersands are also replaced. The ‘clean_url’ filter is applied to the returned cleaned URL.

Parameters

  • string $url: The URL to be cleaned.
  • array $protocols: Optional. An array of acceptable protocols. Defaults to ‘http’, ‘https’, ‘ftp’, ‘ftps’, ‘mailto’, ‘news’, ‘irc’, ‘gopher’, ‘nntp’, ‘feed’, ‘telnet’, ‘mms’, ‘rtsp’, ‘svn’ if not set.
  • string $_context: Private. Use esc_url_raw() for database usage.

Return values

returns:The cleaned $url after the ‘clean_url’ filter is applied.

Defined filters

  • clean_url
    apply_filters('clean_url', $url, $original_url, $_context)

Source code

function esc_url( $url, $protocols = null, $_context = 'display' ) {

	$original_url = $url;



	if ( '' == $url )

		return $url;

	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);

	$strip = array('%0d', '%0a', '%0D', '%0A');

	$url = _deep_replace($strip, $url);

	$url = str_replace(';//', '://', $url);

	/* If the URL doesn't appear to contain a scheme, we

	 * presume it needs http:// appended (unless a relative

	 * link starting with /, # or ? or a php file).

	 */

	if ( strpos($url, ':') === false && ! in_array( $url[0], array( '/', '#', '?' ) ) &&

		! preg_match('/^[a-z0-9-]+?\.php/i', $url) )

		$url = 'http://' . $url;



	// Replace ampersands and single quotes only when displaying.

	if ( 'display' == $_context ) {

		$url = wp_kses_normalize_entities( $url );

		$url = str_replace( '&', '&', $url );

		$url = str_replace( "'", ''', $url );

	}



	if ( ! is_array( $protocols ) )

		$protocols = wp_allowed_protocols();

	if ( wp_kses_bad_protocol( $url, $protocols ) != $url )

		return '';



	return apply_filters('clean_url', $url, $original_url, $_context);

}

1040

Advertisements

No comments yet... Be the first to leave a reply!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: