[wp-testers] function clean_url, esc_url, urlencode

Philip M. Hofer (Frumph) philip at frumph.net
Tue May 18 12:17:28 UTC 2010


function comicpress_clean_filename($filename) {
 return str_replace("%2F", "/", rawurlencode($filename));

Is what I came up with, it just does the filename which I attach the proper 

I had to go back through where I was using esc_url / clean_url in all my 
stuff because I was under a different assumption of what the function 
actually did.  Now I have no clue why it even exists, what does esc_url 
actually do?  Prepare a $_SYSTEM string from hack attempts?

- Phil

----- Original Message ----- 
From: "Dougal Campbell" <dougal at gunters.org>
To: <wp-testers at lists.automattic.com>
Sent: Tuesday, May 18, 2010 5:02 AM
Subject: Re: [wp-testers] function clean_url, esc_url, urlencode

> On May 18 2010 1:46 AM, Philip M. Hofer (Frumph) wrote:
>> No, it's not invalid, those are the actual filenames received from a 
>> glob.
>> So you're saying I need to make ANOTHER function that just changes spaces 
>> into %20 's ?  Rather absurd dont you think?  If you're going to escape 
>> other characters and make them valid why not the space?
>> - Phil
> As Andrew said, filenames !== url paths. You need to encode the path 
> portion with rawurlencode() before appending it to your path. Yes, in most 
> filesystems a space is a valid filename character. And in some cases, web 
> servers and browers will transparently handle those spaces. But not in 
> every case, and it's always best to "manually" handle these cases to 
> ensure that your generated URLs are valid, in case you end up passing them 
> to a service that doesn't deal with spaces.
> rawurlencode(): encode path portions of a URL
> urlencode(): encode querystring values
> Note, we're not talking about the *entire* URL here, just the portions 
> after your hostname. So generally, you're going to do something along the 
> lines of:
>   $enc_url = trailingslashit($base_url) . rawurlencode($filename) . 
> '?myvar=' . urlencode($some_var);
> Clear? :)
> -- 
> Dougal Campbell <dougal at gunters.org>
> http://dougal.gunters.org/
> http://twitter.com/dougal
> http://twitual.com/
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers

More information about the wp-testers mailing list