[wp-testers] function clean_url, esc_url, urlencode
Philip M. Hofer (Frumph)
philip at frumph.net
Tue May 18 05:46:14 UTC 2010
No, it's not invalid, those are the actual filenames received from a glob.
So you're saying I need to make ANOTHER function that just changes spaces
into %20 's ? Rather absurd dont you think? If you're going to escape
other characters and make them valid why not the space?
----- Original Message -----
From: "Andrew Nacin" <wp at andrewnacin.com>
To: <wp-testers at lists.automattic.com>
Sent: Monday, May 17, 2010 10:43 PM
Subject: Re: [wp-testers] function clean_url, esc_url, urlencode
> clean_url and esc_url are the same function. In 3.0, esc_url is considered
> canonical and clean_url is officially deprecated.
> esc_url makes sure it is a valid URL, and escaped for output, generally
> an HTML attribute. Its job is to ensure that the URL is safe, thus
> eliminating XSS attack vectors.
> In this case, the URL you are passing is technically invalid. You must
> encode the spaces yourself.
> wp-testers mailing list
> wp-testers at lists.automattic.com
More information about the wp-testers