Example #1
/**
 * Checks and cleans a URL before printing it. Stolen from WP.
 *
 * A number of characters are removed from the URL. If the URL is for displaying
 * (the default behaviour) ampersands and single quotes are also replaced with
 * numeric HTML entities.
 *
 * Security-relevant behaviour visible in this function:
 * - Entity replacement only runs when $context is 'display'. For any other
 *   context the result has had characters stripped but is NOT entity-encoded,
 *   so it must not be echoed into HTML as-is.
 * - The URL is checked against a protocol allow-list; when the check fails the
 *   function returns an empty string, which callers need to handle.
 * - An empty or non-array $protocols falls back to the global allow-list, so
 *   passing array() cannot be used to mean "allow no protocol".
 * - The final value is handed to the 'esc_url' filter before being returned;
 *   presumably hooked code can alter it (confirm against yourls_apply_filter()).
 *
 * NOTE(review): this copy of the function is damaged. A masking pass appears
 * to have replaced part of the body with asterisks (see the str_replace() line
 * below), so the listing is not valid PHP as shown and the assignment of
 * $original_url is not visible. Use the upstream YOURLS source as the reference.
 *
 * @since 1.6
 *
 * @param string $url The URL to be cleaned.
 * @param string $context 'display' or something else. Use yourls_sanitize_url() for database or redirection usage.
 * @param array $protocols Optional. Array of allowed protocols, defaults to global $yourls_allowedprotocols
 * @return string The cleaned $url, or '' when its protocol is not allowed
 */
function yourls_esc_url($url, $context = 'display', $protocols = array())
{
    // make sure there's only one 'http://' at the beginning (prevents pasting a URL right after the default 'http://')
    // NOTE(review): the next line is garbled in this listing. Everything between the first 'http://' and a later '@'
    // was replaced by '*****:*****', which swallowed the rest of this str_replace() call, any statements that
    // followed it, and the opening of the regexp condition whose tail is still visible.
    $url = str_replace(array('http://*****:*****@)?([^/#?]+)(.*)$!', $url, $matches)) {
        // $matches is unpacked positionally: whole match first, then the URL parts.
        list($all, $scheme, $slashes, $userinfo, $domain, $rest) = $matches;
        $scheme = strtolower($scheme);
        // Domain to lowercase. On URN eg "urn:example:animal:ferret:nose" don't lowercase anything else
        if ($slashes == '//') {
            $domain = strtolower($domain);
        }
        // Reassemble the URL; userinfo and the remainder keep their original case.
        $url = $scheme . $slashes . $userinfo . $domain . $rest;
    }
    // Allow-list filter: delete every character that is not a letter, digit, one of
    // - ~ + _ . ? # = ! & ; , / : % @ $ | * ' ( ) or a byte in 0x80-0xff.
    // Characters such as < > " backtick, space and control characters are therefore removed.
    $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\\|*\'()\\x80-\\xff]|i', '', $url);
    // Previous regexp in YOURLS was '|[^a-z0-9-~+_.?\[\]\^#=!&;,/:%@$\|*`\'<>"()\\x80-\\xff\{\}]|i'
    // TODO: check whether that one was too destructive
    // Remove percent-encoded CR and LF; encoded line breaks are a common header-injection vector.
    // yourls_deep_replace() is defined elsewhere; presumably it repeats until none remain (confirm).
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $url = yourls_deep_replace($strip, $url);
    // Repair a mistyped scheme separator (';//' instead of '://').
    $url = str_replace(';//', '://', $url);
    // Replace ampersands and single quotes only when displaying.
    // The comparison is loose (==), so pass the exact string 'display'.
    if ('display' == $context) {
        $url = yourls_kses_normalize_entities($url);
        $url = str_replace('&amp;', '&#038;', $url);
        $url = str_replace("'", '&#039;', $url);
    }
    // Empty or non-array $protocols: fall back to the global allow-list, after the 'esc_url_protocols' filter.
    if (!is_array($protocols) or !$protocols) {
        global $yourls_allowedprotocols;
        $protocols = yourls_apply_filter('esc_url_protocols', $yourls_allowedprotocols);
        // Note: $yourls_allowedprotocols is also globally filterable in functions-kses.php/yourls_kses_init()
    }
    // Reject the URL outright when its protocol is not in the allow-list.
    // Note this check runs after the display-context entity replacement above.
    if (!yourls_is_allowed_protocol($url, $protocols)) {
        return '';
    }
    // I didn't use KSES function kses_bad_protocol() because it doesn't work the way I liked (returns //blah from illegal://blah)
    // NOTE(review): $original_url is not assigned anywhere in the visible code; its assignment presumably sat in the masked region.
    return yourls_apply_filter('esc_url', $url, $original_url, $context);
}
Example #2
/**
 * Checks and cleans a URL before printing it. Stolen from WP.
 *
 * A number of characters are removed from the URL. If the URL is for displaying
 * (the default behaviour) ampersands and single quotes are also replaced with
 * numeric HTML entities.
 *
 * Security-relevant behaviour visible in this function:
 * - Entity replacement only runs when $context is 'display'. For any other
 *   context the result is NOT entity-encoded, so it must not be echoed into
 *   HTML as-is.
 * - The URL is checked against a protocol allow-list; when the check fails the
 *   function returns an empty string, which callers need to handle.
 * - An empty or non-array $protocols falls back to the global allow-list, so
 *   passing array() cannot be used to mean "allow no protocol".
 * - The final value is handed to the 'esc_url' filter before being returned;
 *   presumably hooked code can alter it (confirm against yourls_apply_filter()).
 *
 * NOTE(review): this copy of the function is damaged. A masking pass appears
 * to have replaced a large part of the body with asterisks (see the first
 * statement below), so the listing is not valid PHP as shown and the
 * assignment of $original_url is not visible. Use the upstream YOURLS source
 * as the reference.
 *
 * @since 1.6
 *
 * @param string $url The URL to be cleaned.
 * @param string $context 'display' or something else. Use yourls_sanitize_url() for database or redirection usage.
 * @param array $protocols Optional. Array of allowed protocols, defaults to global $yourls_allowedprotocols
 * @return string The cleaned $url, or '' when its protocol is not allowed
 */
function yourls_esc_url($url, $context = 'display', $protocols = array())
{
    // make sure there's only one 'http://' at the beginning (prevents pasting a URL right after the default 'http://')
    // NOTE(review): the next line is garbled in this listing. Everything between the first 'http://' and a later '@'
    // was replaced by '*****:*****', which swallowed the rest of the str_replace() call, every statement between it
    // and the character filter, and the start of that filter's pattern. Only the tail of the allow-list is visible:
    // it keeps @ $ | * ' ( ) [ ] and bytes 0x80-0xff; the leading part of the class cannot be read from here.
    $url = str_replace(array('http://*****:*****@$\\|*\'()\\[\\]\\x80-\\xff]|i', '', $url);
    // Previous regexp in YOURLS was '|[^a-z0-9-~+_.?\[\]\^#=!&;,/:%@$\|*`\'<>"()\\x80-\\xff\{\}]|i'
    // TODO: check whether that one was too destructive
    // Remove percent-encoded CR and LF; encoded line breaks are a common header-injection vector.
    // yourls_deep_replace() is defined elsewhere; presumably it repeats until none remain (confirm).
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $url = yourls_deep_replace($strip, $url);
    // Repair a mistyped scheme separator (';//' instead of '://').
    $url = str_replace(';//', '://', $url);
    // Replace ampersands and single quotes only when displaying.
    // The comparison is loose (==), so pass the exact string 'display'.
    if ('display' == $context) {
        $url = yourls_kses_normalize_entities($url);
        $url = str_replace('&amp;', '&#038;', $url);
        $url = str_replace("'", '&#039;', $url);
    }
    // Empty or non-array $protocols: fall back to the global allow-list, after the 'esc_url_protocols' filter.
    if (!is_array($protocols) or !$protocols) {
        global $yourls_allowedprotocols;
        $protocols = yourls_apply_filter('esc_url_protocols', $yourls_allowedprotocols);
        // Note: $yourls_allowedprotocols is also globally filterable in functions-kses.php/yourls_kses_init()
    }
    // Reject the URL outright when its protocol is not in the allow-list.
    // Note this check runs after the display-context entity replacement above.
    if (!yourls_is_allowed_protocol($url, $protocols)) {
        return '';
    }
    // I didn't use KSES function kses_bad_protocol() because it doesn't work the way I liked (returns //blah from illegal://blah)
    // NOTE(review): $original_url is not assigned anywhere in the visible code; its assignment presumably sat in the masked region.
    return yourls_apply_filter('esc_url', $url, $original_url, $context);
}