sanitize_url example


    $content = apply_filters( 'user_request_confirmed_email_content', $content$email_data );

    $content = str_replace( '###SITENAME###', $email_data['sitename']$content );
    $content = str_replace( '###USER_EMAIL###', $email_data['user_email']$content );
    $content = str_replace( '###DESCRIPTION###', $email_data['description']$content );
    $content = str_replace( '###MANAGE_URL###', sanitize_url( $email_data['manage_url'] )$content );
    $content = str_replace( '###SITEURL###', sanitize_url( $email_data['siteurl'] )$content );

    $headers = '';

    /** * Filters the headers of the user request confirmation email. * * @since 5.4.0 * * @param string|array $headers The email headers. * @param string $subject The email subject. * @param string $content The email content. * @param int $request_id The request ID. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $user_email The email address confirming a request * @type string $description Description of the action being performed so the user knows what the email is for. * @type string $manage_url The link to click manage privacy requests of this type. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * @type string $admin_email The administrator email receiving the mail. * } */
'guid'           => $url,
            'context'        => 'custom-background',
        );

        // Save the data.         $id = wp_insert_attachment( $attachment$file );

        // Add the metadata.         wp_update_attachment_metadata( $idwp_generate_attachment_metadata( $id$file ) );
        update_post_meta( $id, '_wp_attachment_is_custom_background', get_option( 'stylesheet' ) );

        set_theme_mod( 'background_image', sanitize_url( $url ) );

        $thumbnail = wp_get_attachment_image_src( $id, 'thumbnail' );
        set_theme_mod( 'background_image_thumb', sanitize_url( $thumbnail[0] ) );

        /** This action is documented in wp-admin/includes/class-custom-image-header.php */
        do_action( 'wp_create_file_in_uploads', $file$id ); // For replication.         $this->updated = true;
    }

    /** * Handles Ajax request for adding custom background context to an attachment. * * Triggers when the user adds a new background image from the * Media Manager. * * @since 4.1.0 */
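// Without a term ID there is nothing to edit: redirect to the term list and stop.
if ( empty( $_REQUEST['tag_ID'] ) ) {
    $sendback = admin_url( 'edit-tags.php' );
    if ( ! empty( $taxnow ) ) {
        $sendback = add_query_arg( array( 'taxonomy' => $taxnow ), $sendback );
    }

    if ( 'post' !== get_current_screen()->post_type ) {
        $sendback = add_query_arg( 'post_type', get_current_screen()->post_type, $sendback );
    }

    // The target starts from admin_url() and only gains query arguments, so the
    // destination itself is not request-supplied. sanitize_url() cleans the assembled
    // string before it is used as the redirect location; exit stops further output.
    wp_redirect( sanitize_url( $sendback ) );
    exit;
}

// absint() reduces the request value to a non-negative integer before the lookup.
$tag_ID = absint( $_REQUEST['tag_ID'] );
$tag    = get_term( $tag_ID, $taxnow, OBJECT, 'edit' );

// Anything other than a WP_Term means the lookup failed; abort with a message.
if ( ! $tag instanceof WP_Term ) {
    wp_die( __( 'You attempted to edit an item that does not exist. Perhaps it was deleted?' ) );
}

$tax      = get_taxonomy( $tag->taxonomy );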
/** * Prints JavaScript settings for preview frame. * * @since 3.4.0 */
    public function customize_preview_settings() {
        $post_values                 = $this->unsanitized_post_values( array( 'exclude_changeset' => true ) );
        $setting_validities          = $this->validate_setting_values( $post_values );
        $exported_setting_validities = array_map( array( $this, 'prepare_setting_validity_for_js' )$setting_validities );

        // Note that the REQUEST_URI is not passed into home_url() since this breaks subdirectory installations.         $self_url           = empty( $_SERVER['REQUEST_URI'] ) ? home_url( '/' ) : sanitize_url( wp_unslash( $_SERVER['REQUEST_URI'] ) );
        $state_query_params = array(
            'customize_theme',
            'customize_changeset_uuid',
            'customize_messenger_channel',
        );
        $self_url           = remove_query_arg( $state_query_params$self_url );

        $allowed_urls  = $this->get_allowed_urls();
        $allowed_hosts = array();
        foreach ( $allowed_urls as $allowed_url ) {
            $parsed = wp_parse_url( $allowed_url );
            
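// Pick the editing entry point: the site editor for block themes, the Customizer
// otherwise. Both branches require $can_edit_theme_options.
if ( $is_block_theme && $can_edit_theme_options ) {
            $customize_action = admin_url( 'site-editor.php' );
            if ( $current_theme !== $slug ) {
                $customize_action = add_query_arg( 'wp_theme_preview', $slug, $customize_action );
            }
        } elseif ( ! $is_block_theme && $can_customize && $can_edit_theme_options ) {
            $customize_action = wp_customize_url( $slug );
        }
        if ( null !== $customize_action ) {
            // 'return' carries the current request URI (unslashed, removable query args
            // dropped). It is cleaned with sanitize_url(), then urlencode()d as a query
            // value, and the finished link is escaped with esc_url() for output.
            // NOTE(review): the code that later reads 'return' is not shown here; it
            // should still validate the value before redirecting to it.
            $customize_action = add_query_arg(
                array(
                    'return' => urlencode( sanitize_url( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ),
                ),
                $customize_action
            );
            $customize_action = esc_url( $customize_action );
        }

        // Missing update requirements are represented as null.
        $update_requires_wp  = isset( $updates[ $slug ]['requires'] ) ? $updates[ $slug ]['requires'] : null;
        $update_requires_php = isset( $updates[ $slug ]['requires_php'] ) ? $updates[ $slug ]['requires_php'] : null;

        // Strict in_array() avoids loose matches between slugs.
        $auto_update        = in_array( $slug, $auto_updates, true );
        $auto_update_action = $auto_update ? 'disable-auto-update' : 'enable-auto-update';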

        

    $content = apply_filters( 'wp_privacy_personal_data_email_content', $email_text$request_id$email_data );

    $content = str_replace( '###EXPIRATION###', $expiration_date$content );
    $content = str_replace( '###LINK###', sanitize_url( $export_file_url )$content );
    $content = str_replace( '###EMAIL###', $request_email$content );
    $content = str_replace( '###SITENAME###', $site_name$content );
    $content = str_replace( '###SITEURL###', sanitize_url( $site_url )$content );

    $headers = '';

    /** * Filters the headers of the email sent with a personal data export file. * * @since 5.4.0 * * @param string|array $headers The email headers. * @param string $subject The email subject. * @param string $content The email content. * @param int $request_id The request ID. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type int $expiration The time in seconds until the export file expires. * @type string $expiration_date The localized date and time when the export file expires. * @type string $message_recipient The address that the email will be sent to. Defaults * to the value of `$request->email`, but can be changed * by the `wp_privacy_personal_data_email_to` filter. * @type string $export_file_url The export file URL. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */

    // Give callbacks hooked on 'get_header_image' the chance to replace the URL.
    $url = apply_filters( 'get_header_image', $url );

    // A filter may return something other than a string; return false instead of
    // passing such a value on to the URL helpers.
    if ( ! is_string( $url ) ) {
        return false;
    }

    $url = trim( $url );
    // The trimmed value goes through set_url_scheme() and then sanitize_url().
    // NOTE(review): sanitize_url() is meant for storage/redirect use, not for HTML
    // output; callers that print this value in markup should still escape it there.
    return sanitize_url( set_url_scheme( $url ) );
}

/** * Creates image tag markup for a custom header image. * * @since 4.4.0 * * @param array $attr Optional. Additional attributes for the image tag. Can be used * to override the default attributes. Default empty. * @return string HTML image element markup or empty string on failure. */
// Build the generator string for the requested output format. There is no default
// case, so an unrecognised $type leaves $gen as it was before the switch.
switch ( $type ) {
        case 'html':
            $gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '">';
            break;
        case 'xhtml':
            $gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '" />';
            break;
        case 'atom':
            $gen = '<generator uri="https://wordpress.org/" version="' . esc_attr( get_bloginfo_rss( 'version' ) ) . '">WordPress</generator>';
            break;
        case 'rss2':
            // The URL (fixed prefix plus the feed version) is emitted as element text.
            // NOTE(review): sanitize_url() cleans URLs but is not an XML escaper; this
            // relies on the version string holding no markup-significant characters.
            $gen = '<generator>' . sanitize_url( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '</generator>';
            break;
        case 'rdf':
            // Same URL, here placed inside a double-quoted attribute; the same caveat applies.
            $gen = '<admin:generatorAgent rdf:resource="' . sanitize_url( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '" />';
            break;
        case 'comment':
            $gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo( 'version' ) ) . '" -->';
            break;
        case 'export':
            // gmdate() stamps the export with the current time in GMT.
            $gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo_rss( 'version' ) ) . '" created="' . gmdate( 'Y-m-d H:i' ) . '" -->';
            break;
    }

    
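// Schema entry for the menu item URL.
$schema['properties']['url'] = array(
            'description' => __( 'The URL to which this menu item points.' ),
            'type'        => 'string',
            'format'      => 'uri',
            'context'     => array( 'view', 'edit', 'embed' ),
            'arg_options' => array(
                /*
                 * Accepts an empty string, or any value for which sanitize_url()
                 * returns a non-empty result; everything else yields a WP_Error.
                 *
                 * This callback only validates. It returns true, not the cleaned
                 * value, so a URL that sanitize_url() would alter still passes
                 * unchanged and has to be sanitized again where it is stored.
                 */
                'validate_callback' => static function ( $url ) {
                    if ( '' === $url ) {
                        return true;
                    }

                    if ( sanitize_url( $url ) ) {
                        return true;
                    }

                    return new WP_Error(
                        'rest_invalid_url',
                        __( 'Invalid URL.' )
                    );
                },
            ),
        );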

        
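<div class="notice notice-info"><p><strong><?php _e( 'Important:' ); ?></strong> <?php _e( 'This user has super admin privileges.' ); ?></p></div>
<?php endif; ?>
<?php if ( isset( $_GET['updated'] ) ) : ?>
<div id="message" class="updated notice is-dismissible">
	<?php if ( IS_PROFILE_PAGE ) : ?>
	<p><strong><?php _e( 'Profile updated.' ); ?></strong></p>
	<?php else : ?>
	<p><strong><?php _e( 'User updated.' ); ?></strong></p>
	<?php endif; ?>
	<?php
	/*
	 * $wp_http_referer is set outside this excerpt and is treated as untrusted here:
	 * sanitize_url() cleans it, wp_validate_redirect() substitutes the users.php
	 * fallback when the target is not an allowed one, and esc_url() escapes the
	 * result for the href attribute.
	 */
	?>
	<?php if ( $wp_http_referer && ! str_contains( $wp_http_referer, 'user-new.php' ) && ! IS_PROFILE_PAGE ) : ?>
	<p><a href="<?php echo esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), self_admin_url( 'users.php' ) ) ); ?>"><?php _e( '&larr; Go to Users' ); ?></a></p>
	<?php endif; ?>
</div>
<?php endif; ?>
<?php if ( isset( $_GET['error'] ) ) : ?>
<div class="notice notice-error">
	<?php /* The request value is only compared against a fixed string; it is never printed. */ ?>
	<?php if ( 'new-email' === $_GET['error'] ) : ?>
	<p><?php _e( 'Error while saving the new email address. Please try again.' ); ?></p>
	<?php endif; ?>
</div>
<?php endif; ?>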
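// No term ID in the request: leave this case without redirecting.
if ( ! isset( $_REQUEST['tag_ID'] ) ) {
            break;
        }

        // The cast forces the request value to an integer before the lookup.
        $term_id = (int) $_REQUEST['tag_ID'];
        $term    = get_term( $term_id );

        // Anything other than a WP_Term means the lookup failed; abort with a message.
        if ( ! $term instanceof WP_Term ) {
            wp_die( __( 'You attempted to edit an item that does not exist. Perhaps it was deleted?' ) );
        }

        // The edit link is generated from the validated term ID, cleaned with
        // sanitize_url(), and used as the redirect target; exit stops further output.
        wp_redirect( sanitize_url( get_edit_term_link( $term_id, $taxonomy, $post_type ) ) );
        exit;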

    case 'editedtag':
        $tag_ID = (int) $_POST['tag_ID'];
        check_admin_referer( 'update-tag_' . $tag_ID );

        if ( ! current_user_can( 'edit_term', $tag_ID ) ) {
            wp_die(
                '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
                '<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>',
                403
            );
// Persist the menu item fields as post meta. Each value is normalized first:
// sanitize_key() for the key-like fields, an int cast re-stringified for the IDs.
update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key( $args['menu-item-type'] ) );
    update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', (string) ( (int) $args['menu-item-parent-id'] ) );
    update_post_meta( $menu_item_db_id, '_menu_item_object_id', (string) ( (int) $args['menu-item-object-id'] ) );
    update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key( $args['menu-item-object'] ) );
    update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key( $args['menu-item-target'] ) );

    // Classes and XFN values are split on spaces and each token is run through
    // sanitize_html_class(); classes are stored as an array, XFN is re-joined to a string.
    $args['menu-item-classes'] = array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-classes'] ) );
    $args['menu-item-xfn']     = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) );
    update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
    update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
    // The URL is cleaned with sanitize_url() before storage. The stored value is
    // not HTML-escaped, so templates that print it must still escape it at output.
    update_post_meta( $menu_item_db_id, '_menu_item_url', sanitize_url( $args['menu-item-url'] ) );

    // A menu ID equal to 0 (loose comparison) marks the item as orphaned with the
    // current timestamp; otherwise an existing orphan marker is removed.
    if ( 0 == $menu_id ) {
        update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );
    } elseif ( get_post_meta( $menu_item_db_id, '_menu_item_orphaned' ) ) {
        delete_post_meta( $menu_item_db_id, '_menu_item_orphaned' );
    }

    // Update existing menu item. Default is publish status.     if ( $update ) {
        $post['ID']          = $menu_item_db_id;
        $post['post_status'] = ( 'draft' === $args['menu-item-status'] ) ? 'draft' : 'publish';

        

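/**
 * Sanitizes a URL by handing it to sanitize_url().
 *
 * Thin wrapper: both arguments are forwarded unchanged and the result is
 * returned as-is. The value is cleaned, not HTML-escaped, so it still has to be
 * escaped when it is printed into markup.
 *
 * @param string   $url       The URL to be cleaned.
 * @param string[] $protocols Optional. Acceptable protocols, passed through to
 *                            sanitize_url(). Default null.
 * @return string The value returned by sanitize_url().
 */
function esc_url_raw( $url, $protocols = null ) {
    return sanitize_url( $url, $protocols );
}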

/** * Sanitizes a URL for database or redirect usage. * * @since 2.3.1 * @since 2.8.0 Deprecated in favor of esc_url_raw(). * @since 5.9.0 Restored (un-deprecated). * * @see esc_url() * * @param string $url The URL to be cleaned. * @param string[] $protocols Optional. An array of acceptable protocols. * Defaults to return value of wp_allowed_protocols(). * @return string The cleaned URL after esc_url() is run with the 'db' context. */
<?php echo $tax->labels->edit_item; ?></h1> <?php $class = ( isset( $msg ) && 5 === $msg ) ? 'error' : 'success';

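if ( $message ) {
    // NOTE(review): $class and $message are echoed below without escaping. $class is
    // chosen between two literals just above; where $message is assigned is not
    // visible here. Confirm it can only hold trusted, pre-built text.
    ?>
<div id="message" class="notice notice-<?php echo $class; ?>">
    <p><strong><?php echo $message; ?></strong></p>
    <?php
    /*
     * The referer is treated as untrusted: sanitize_url() cleans it,
     * wp_validate_redirect() substitutes the term.php fallback when the target is
     * not an allowed one, and esc_url() escapes the result for the href attribute.
     */
    ?>
    <?php if ( $wp_http_referer ) { ?>
    <p><a href="<?php echo esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), admin_url( 'term.php?taxonomy=' . $taxonomy ) ) ); ?>">
        <?php echo esc_html( $tax->labels->back_to_items ); ?>
    </a></p>
    <?php } ?>
</div>
    <?php
}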
?> <div id="ajax-response"></div> <form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate"
'abbr'    => array( 'title' => true ),
                    'acronym' => array( 'title' => true ),
                    'code'    => true,
                    'em'      => true,
                    'strong'  => true,
                );

                $value = wp_kses( $value$header_tags_with_a );
                break;
            case 'ThemeURI':
            case 'AuthorURI':
                $value = sanitize_url( $value );
                break;
            case 'Tags':
                $value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
                break;
            case 'Version':
            case 'RequiresWP':
            case 'RequiresPHP':
            case 'UpdateURI':
                $value = strip_tags( $value );
                break;
        }

        