[wp-testers] function clean_url, esc_url, urlencode

Philip M. Hofer (Frumph) philip at frumph.net
Tue May 18 05:46:14 UTC 2010


No, it's not invalid, those are the actual filenames received from a glob.

So you're saying I need to make ANOTHER function that just changes spaces 
into %20 's ?  Rather absurd dont you think?  If you're going to escape 
other characters and make them valid why not the space?

- Phil

----- Original Message ----- 
From: "Andrew Nacin" <wp at andrewnacin.com>
To: <wp-testers at lists.automattic.com>
Sent: Monday, May 17, 2010 10:43 PM
Subject: Re: [wp-testers] function clean_url, esc_url, urlencode


> clean_url and esc_url are the same function. In 3.0, esc_url is considered
> canonical and clean_url is officially deprecated.
>
> esc_url makes sure it is a valid URL, and escaped for output, generally 
> into
> an HTML attribute. Its job is to ensure that the URL is safe, thus
> eliminating XSS attack vectors.
>
> In this case, the URL you are passing is technically invalid. You must
> encode the spaces yourself.
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
> 



More information about the wp-testers mailing list