Checks and cleans a URL.
Description
A number of characters are removed from the URL. If the URL is for displaying (the default behavior) ampersands are also replaced. The ‘clean_url’ filter is applied to the returned cleaned URL.
Parameters
$url
stringrequired- The URL to be cleaned.
$protocols
string[]optional- An array of acceptable protocols.
Defaults to return value of wp_allowed_protocols() .Default:
null
$_context
stringoptional- Private. Use sanitize_url() for database usage.
Default:
'display'
Return
string The cleaned URL after the 'clean_url' filter is applied.An empty string is returned if
$url
specifies a protocol other than those in $protocols
, or if $url
contains an empty string.More Information
Always use esc_url when escaping URLs (in text nodes, attribute nodes or anywhere else). For sanitizing, sanitize_url() should be used instead. Rejects URLs that do not have one of the provided whitelisted protocols (defaulting to http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed, and telnet), eliminates invalid characters and removes dangerous characters. This function encodes characters as HTML entities: use it when generating an (X)HTML or XML document. Encodes ampersands (&) and single quotes (‘) as numeric entity references (&, ').
If the URL appears to be an absolute link that does not contain a scheme, prepends http://
. Please note that relative urls (/my-url/parameter2/), as well as anchors (#myanchor) and parameter items (?myparam=yes) are also allowed and filtered as a special case, without prepending the default protocol to the filtered url.
Replaces the deprecated clean_url() .
Source
function esc_url( $url, $protocols = null, $_context = 'display' ) {
$original_url = $url;
if ( '' === $url ) {
return $url;
}
$url = str_replace( ' ', '%20', ltrim( $url ) );
$url = preg_replace( '|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', $url );
if ( '' === $url ) {
return $url;
}
if ( 0 !== stripos( $url, 'mailto:' ) ) {
$strip = array( '%0d', '%0a', '%0D', '%0A' );
$url = _deep_replace( $strip, $url );
}
$url = str_replace( ';//', '://', $url );
/*
* If the URL doesn't appear to contain a scheme, we presume
* it needs http:// prepended (unless it's a relative link
* starting with /, # or ?, or a PHP file).
*/
if ( ! str_contains( $url, ':' ) && ! in_array( $url[0], array( '/', '#', '?' ), true ) &&
! preg_match( '/^[a-z0-9-]+?\.php/i', $url )
) {
$url = 'http://' . $url;
}
// Replace ampersands and single quotes only when displaying.
if ( 'display' === $_context ) {
$url = wp_kses_normalize_entities( $url );
$url = str_replace( '&', '&', $url );
$url = str_replace( "'", ''', $url );
}
if ( str_contains( $url, '[' ) || str_contains( $url, ']' ) ) {
$parsed = wp_parse_url( $url );
$front = '';
if ( isset( $parsed['scheme'] ) ) {
$front .= $parsed['scheme'] . '://';
} elseif ( '/' === $url[0] ) {
$front .= '//';
}
if ( isset( $parsed['user'] ) ) {
$front .= $parsed['user'];
}
if ( isset( $parsed['pass'] ) ) {
$front .= ':' . $parsed['pass'];
}
if ( isset( $parsed['user'] ) || isset( $parsed['pass'] ) ) {
$front .= '@';
}
if ( isset( $parsed['host'] ) ) {
$front .= $parsed['host'];
}
if ( isset( $parsed['port'] ) ) {
$front .= ':' . $parsed['port'];
}
$end_dirty = str_replace( $front, '', $url );
$end_clean = str_replace( array( '[', ']' ), array( '%5B', '%5D' ), $end_dirty );
$url = str_replace( $end_dirty, $end_clean, $url );
}
if ( '/' === $url[0] ) {
$good_protocol_url = $url;
} else {
if ( ! is_array( $protocols ) ) {
$protocols = wp_allowed_protocols();
}
$good_protocol_url = wp_kses_bad_protocol( $url, $protocols );
if ( strtolower( $good_protocol_url ) !== strtolower( $url ) ) {
return '';
}
}
/**
* Filters a string cleaned and escaped for output as a URL.
*
* @since 2.3.0
*
* @param string $good_protocol_url The cleaned URL to be returned.
* @param string $original_url The URL prior to cleaning.
* @param string $_context If 'display', replace ampersands and single quotes only.
*/
return apply_filters( 'clean_url', $good_protocol_url, $original_url, $_context );
}
Hooks
- apply_filters( ‘clean_url’,
string $good_protocol_url ,string $original_url ,string $_context ) Filters a string cleaned and escaped for output as a URL.
Related
Uses | Description |
---|---|
stripos()wp-includes/class-pop3.php | |
wp_parse_url()wp-includes/http.php | A wrapper for PHP’s parse_url() function that handles consistency in the return values across PHP versions. |
_deep_replace()wp-includes/formatting.php | Performs a deep string replace operation to ensure the values in $search are no longer present. |
wp_kses_normalize_entities()wp-includes/kses.php | Converts and fixes HTML entities. |
wp_kses_bad_protocol()wp-includes/kses.php | Sanitizes a string and removed disallowed URL protocols. |
wp_allowed_protocols()wp-includes/functions.php | Retrieves a list of protocols to allow in HTML attributes. |
apply_filters()wp-includes/plugin.php | Calls the callback functions that have been added to a filter hook. |
Used by | Description |
---|---|
WP_Site_Health::get_test_autoloaded_options()wp-admin/includes/class-wp-site-health.php | Tests the number of autoloaded options. |
WP_Plugin_Dependencies::display_admin_notice_for_unmet_dependencies()wp-includes/class-wp-plugin-dependencies.php | Displays an admin notice if dependencies are not installed. |
WP_Script_Modules::print_script_module_preloads()wp-includes/class-wp-script-modules.php | Prints the the static dependencies of the enqueued script modules using link tags with rel=”modulepreload” attributes. |
WP_Plugin_Install_List_Table::get_more_details_link()wp-admin/includes/class-wp-plugin-install-list-table.php | Creates a ‘More details’ link for the plugin. |
wp_get_plugin_action_button()wp-admin/includes/plugin-install.php | Gets the markup for the plugin install action button. |
WP_Plugins_List_Table::get_view_details_link()wp-admin/includes/class-wp-plugins-list-table.php | Returns a ‘View details’ link for the plugin. |
Walker_Nav_Menu::build_atts()wp-includes/class-walker-nav-menu.php | Builds a string of HTML attributes from an array of key/value pairs. |
WP_HTML_Tag_Processor::set_attribute()wp-includes/html-api/class-wp-html-tag-processor.php | Updates or creates a new attribute on the currently matched tag with the passed value. |
wp_preload_resources()wp-includes/general-template.php | Prints resource preloads directives to browsers. |
WP_Site_Health::get_test_persistent_object_cache()wp-admin/includes/class-wp-site-health.php | Tests if the site uses persistent object cache and recommends to use it if not. |
WP_List_Table::get_views_links()wp-admin/includes/class-wp-list-table.php | Generates views links. |
WP_Widget_Media::get_l10n_defaults()wp-includes/widgets/class-wp-widget-media.php | Returns the default localized strings used by the widget. |
wp_list_users()wp-includes/user.php | Lists all the users of the site, with several options available. |
deactivated_plugins_notice()wp-admin/includes/plugin.php | Renders an admin notice when a plugin was deactivated during an update. |
wp_is_local_html_output()wp-includes/https-detection.php | Checks whether a given HTML string is likely an output from this WordPress site. |
WP_Site_Health::get_test_authorization_header()wp-admin/includes/class-wp-site-health.php | Tests if the Authorization header has the expected values. |
WP_Sitemaps::add_robots()wp-includes/sitemaps/class-wp-sitemaps.php | Adds the sitemap index to robots.txt. |
WP_Sitemaps_Renderer::get_sitemap_index_xml()wp-includes/sitemaps/class-wp-sitemaps-renderer.php | Gets XML for a sitemap index. |
WP_Sitemaps_Renderer::get_sitemap_xml()wp-includes/sitemaps/class-wp-sitemaps-renderer.php | Gets XML for a sitemap. |
WP_Sitemaps_Renderer::__construct()wp-includes/sitemaps/class-wp-sitemaps-renderer.php | WP_Sitemaps_Renderer constructor. |
WP_Sitemaps_Stylesheet::get_sitemap_stylesheet()wp-includes/sitemaps/class-wp-sitemaps-stylesheet.php | Returns the escaped XSL for all sitemaps, except index. |
WP_Sitemaps_Stylesheet::get_sitemap_index_stylesheet()wp-includes/sitemaps/class-wp-sitemaps-stylesheet.php | Returns the escaped XSL for the index sitemaps. |
WP_Automatic_Updater::send_plugin_theme_email()wp-admin/includes/class-wp-automatic-updater.php | Sends an email upon the completion or failure of a plugin or theme background update. |
wp_dashboard_site_health()wp-admin/includes/dashboard.php | Displays the Site Health Status widget. |
wp_credits_section_list()wp-admin/includes/credits.php | Displays a list of contributors for a given group. |
WP_Privacy_Data_Removal_Requests_List_Table::column_email()wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php | Outputs the Actions column. |
WP_Privacy_Data_Removal_Requests_List_Table::column_next_steps()wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php | Outputs the Next steps column. |
WP_MS_Sites_List_Table::get_views()wp-admin/includes/class-wp-ms-sites-list-table.php | Gets links to filter sites by status. |
WP_Privacy_Data_Export_Requests_List_Table::column_email()wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php | Actions column. |
WP_Privacy_Data_Export_Requests_List_Table::column_next_steps()wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php | Displays the next steps column. |
wp_get_update_php_annotation()wp-includes/functions.php | Returns the default annotation for the web hosting altering the “Update PHP” page URL. |
paused_themes_notice()wp-admin/includes/theme.php | Renders an admin notice in case some themes have been paused due to errors. |
wp_recovery_mode_nag()wp-admin/includes/update.php | Displays a notice when the user is in recovery mode. |
WP_Site_Health::get_test_wordpress_version()wp-admin/includes/class-wp-site-health.php | Tests for WordPress version and outputs it. |
WP_Site_Health::get_test_plugin_version()wp-admin/includes/class-wp-site-health.php | Tests if plugins are outdated, or unnecessary. |
WP_Site_Health::get_test_theme_version()wp-admin/includes/class-wp-site-health.php | Tests if themes are outdated, or unnecessary. |
WP_Site_Health::get_test_php_version()wp-admin/includes/class-wp-site-health.php | Tests if the supplied PHP version is supported. |
WP_Site_Health::get_test_php_extensions()wp-admin/includes/class-wp-site-health.php | Tests if required PHP modules are installed on the host. |
WP_Site_Health::get_test_sql_server()wp-admin/includes/class-wp-site-health.php | Tests if the SQL server is up to date. |
WP_Site_Health::get_test_dotorg_communication()wp-admin/includes/class-wp-site-health.php | Tests if the site can communicate with WordPress.org. |
WP_Site_Health::get_test_is_in_debug_mode()wp-admin/includes/class-wp-site-health.php | Tests if debug information is enabled. |
WP_Site_Health::get_test_https_status()wp-admin/includes/class-wp-site-health.php | Tests if the site is serving content over HTTPS. |
paused_plugins_notice()wp-admin/includes/plugin.php | Renders an admin notice in case some plugins have been paused due to errors. |
validate_plugin_requirements()wp-admin/includes/plugin.php | Validates the plugin requirements for WordPress version and PHP version. |
wp_direct_php_update_button()wp-includes/functions.php | Displays a button directly linking to a PHP update process. |
wp_dashboard_php_nag()wp-admin/includes/dashboard.php | Displays the PHP update nag. |
wp_get_script_polyfill()wp-includes/script-loader.php | Returns contents of an inline script used in appending polyfill scripts for browsers which fail the provided tests. The provided array is a mapping from a condition to verify feature support to its polyfill script handle. |
do_block_editor_incompatible_meta_box()wp-admin/includes/template.php | Renders a “fake” meta box with an information message, shown on the block editor, when an incompatible meta box is found. |
the_block_editor_meta_boxes()wp-admin/includes/post.php | Renders the meta boxes forms. |
the_block_editor_meta_box_post_form_hidden_fields()wp-admin/includes/post.php | Renders the hidden form required for the meta boxes form. |
wp_comments_personal_data_exporter()wp-includes/comment.php | Finds and exports personal data associated with an email address from the comments table. |
get_the_privacy_policy_link()wp-includes/link-template.php | Returns the privacy policy link with formatting, when applicable. |
WP_Privacy_Policy_Content::notice()wp-admin/includes/class-wp-privacy-policy-content.php | Adds a notice with a link to the guide when editing the privacy policy page. |
WP_Privacy_Policy_Content::policy_text_changed_notice()wp-admin/includes/class-wp-privacy-policy-content.php | Outputs a warning when some privacy info has changed. |
wp_privacy_generate_personal_data_export_group_html()wp-admin/includes/privacy-tools.php | Generate a single group for the personal data export report. |
WP_Privacy_Requests_Table::column_email()wp-admin/includes/class-wp-privacy-requests-table.php | Actions column. Overridden by children. |
WP_Privacy_Requests_Table::get_views()wp-admin/includes/class-wp-privacy-requests-table.php | Gets an associative array ( id => link ) with the list of views available on this table. |
WP_Widget_Custom_HTML::add_help_text()wp-includes/widgets/class-wp-widget-custom-html.php | Add help text to widgets admin screen. |
update_network_option_new_admin_email()wp-includes/ms-functions.php | Sends a confirmation request email when a change of network admin email address is attempted. |
wp_load_press_this()wp-admin/press-this.php | |
wp_print_plugin_file_tree()wp-admin/includes/misc.php | Outputs the formatted file list for the plugin file editor. |
wp_print_theme_file_tree()wp-admin/includes/misc.php | Outputs the formatted file list for the theme file editor. |
get_term_parents_list()wp-includes/category-template.php | Retrieves term parents with separator. |
WP_Widget_Media_Audio::__construct()wp-includes/widgets/class-wp-widget-media-audio.php | Constructor. |
WP_Widget_Media_Video::__construct()wp-includes/widgets/class-wp-widget-media-video.php | Constructor. |
WP_Widget_Media_Image::render_media()wp-includes/widgets/class-wp-widget-media-image.php | Render the media on the frontend. |
WP_Widget_Media_Image::__construct()wp-includes/widgets/class-wp-widget-media-image.php | Constructor. |
wp_print_community_events_markup()wp-admin/includes/dashboard.php | Prints the markup for the Community Events section of the Events and News Dashboard widget. |
wp_dashboard_events_news()wp-admin/includes/dashboard.php | Renders the Events and News dashboard widget. |
the_header_video_url()wp-includes/theme.php | Displays header video URL. |
wp_resource_hints()wp-includes/general-template.php | Prints resource hints to browsers for pre-fetching, pre-rendering and pre-connecting to websites. |
network_edit_site_nav()wp-admin/includes/ms.php | Outputs the HTML for a network’s “Edit Site” tabular interface. |
the_embed_site_title()wp-includes/embed.php | Prints the necessary markup for the site title in an embed template. |
get_custom_logo()wp-includes/general-template.php | Returns a custom logo, linked to home unless the theme supports removing the link on the home page. |
WP_Customize_Site_Icon_Control::content_template()wp-includes/customize/class-wp-customize-site-icon-control.php | Renders a JS template for the content of the site icon control. |
rest_output_rsd()wp-includes/rest-api.php | Adds the REST API URL to the WP RSD endpoint. |
rest_output_link_wp_head()wp-includes/rest-api.php | Outputs the REST API link tag into page header. |
wp_filter_oembed_result()wp-includes/embed.php | Filters the given oEmbed HTML. |
wp_embed_excerpt_more()wp-includes/embed.php | Filters the string in the ‘more’ link displayed after a trimmed excerpt. |
wp_oembed_add_discovery_links()wp-includes/embed.php | Adds oEmbed discovery links in the head element of the website. |
get_post_embed_html()wp-includes/embed.php | Retrieves the embed code for a specific post. |
get_the_author_posts_link()wp-includes/author-template.php | Retrieves an HTML link to the author page of the current post’s author. |
the_post_thumbnail_url()wp-includes/post-thumbnail-template.php | Displays the post thumbnail URL. |
WP_Posts_List_Table::get_edit_link()wp-admin/includes/class-wp-posts-list-table.php | Creates a link to edit.php with params. |
wp_site_icon()wp-includes/general-template.php | Displays site icon meta tags. |
site_icon_url()wp-includes/general-template.php | Displays the Site Icon URL. |
WP_Posts_List_Table::handle_row_actions()wp-admin/includes/class-wp-posts-list-table.php | Generates and displays row action links. |
WP_MS_Themes_List_Table::column_name()wp-admin/includes/class-wp-ms-themes-list-table.php | Handles the name column output. |
WP_Comments_List_Table::handle_row_actions()wp-admin/includes/class-wp-comments-list-table.php | Generates and displays row actions links. |
WP_MS_Sites_List_Table::handle_row_actions()wp-admin/includes/class-wp-ms-sites-list-table.php | Generates and displays row action links. |
WP_MS_Sites_List_Table::column_blogname()wp-admin/includes/class-wp-ms-sites-list-table.php | Handles the site name column output. |
WP_MS_Sites_List_Table::column_users()wp-admin/includes/class-wp-ms-sites-list-table.php | Handles the users column output. |
WP_Terms_List_Table::handle_row_actions()wp-admin/includes/class-wp-terms-list-table.php | Generates and displays row action links. |
WP_MS_Users_List_Table::handle_row_actions()wp-admin/includes/class-wp-ms-users-list-table.php | Generates and displays row action links. |
WP_MS_Users_List_Table::column_username()wp-admin/includes/class-wp-ms-users-list-table.php | Handles the username column output. |
WP_MS_Users_List_Table::column_email()wp-admin/includes/class-wp-ms-users-list-table.php | Handles the email column output. |
WP_MS_Users_List_Table::column_blogs()wp-admin/includes/class-wp-ms-users-list-table.php | Handles the sites column output. |
WP_Media_List_Table::column_author()wp-admin/includes/class-wp-media-list-table.php | Handles the author column output. |
WP_Media_List_Table::column_default()wp-admin/includes/class-wp-media-list-table.php | Handles output for the default column. |
WP_Customize_Theme_Control::content_template()wp-includes/customize/class-wp-customize-theme-control.php | Render a JS template for theme display. |
customize_themes_print_templates()wp-admin/includes/theme.php | Prints JS templates for the theme-browsing UI in the Customizer. |
wp_admin_canonical_url()wp-admin/includes/misc.php | Removes single-use URL parameters and create canonical link based on new URL. |
WP_Customize_Manager::remove_panel()wp-includes/class-wp-customize-manager.php | Removes a customize panel. |
login_footer()wp-login.php | Outputs the footer for the login page. |
retrieve_password()wp-includes/user.php | Handles sending a password retrieval email to a user. |
login_header()wp-login.php | Outputs the login page header. |
signup_another_blog()wp-signup.php | Shows a form for returning users to sign up for another site. |
confirm_another_blog_signup()wp-signup.php | Shows a message confirming that the new site has been created. |
network_step2()wp-admin/includes/network.php | Prints step 2 for Network installation process. |
wp_prepare_themes_for_js()wp-admin/includes/theme.php | Prepares themes for JavaScript. |
get_theme_update_available()wp-admin/includes/theme.php | Retrieves the update link if there is a theme update available. |
WP_Screen::render_screen_meta()wp-admin/includes/class-wp-screen.php | Renders the screen’s help section. |
WP_Plugins_List_Table::single_row()wp-admin/includes/class-wp-plugins-list-table.php | |
WP_Plugins_List_Table::no_items()wp-admin/includes/class-wp-plugins-list-table.php | |
install_themes_upload()wp-admin/includes/theme-install.php | Displays a form to upload themes from zip files. |
Theme_Upgrader_Skin::after()wp-admin/includes/class-theme-upgrader-skin.php | Performs an action following a single theme update. |
Theme_Installer_Skin::after()wp-admin/includes/class-theme-installer-skin.php | Performs an action following a single theme install. |
WP_List_Table::view_switcher()wp-admin/includes/class-wp-list-table.php | Displays a view switcher. |
WP_List_Table::comments_bubble()wp-admin/includes/class-wp-list-table.php | Displays a comment count bubble. |
WP_List_Table::pagination()wp-admin/includes/class-wp-list-table.php | Displays the pagination. |
WP_List_Table::print_column_headers()wp-admin/includes/class-wp-list-table.php | Prints column headers, accounting for hidden and sortable columns. |
_access_denied_splash()wp-admin/includes/ms.php | Displays an access denied message when a user tries to view a site’s dashboard they do not have access to. |
site_admin_notice()wp-admin/includes/ms.php | Displays an admin notice to upgrade all sites after a core upgrade. |
choose_primary_blog()wp-admin/includes/ms.php | Handles the display of choosing a user’s primary site. |
update_option_new_admin_email()wp-admin/includes/misc.php | Sends a confirmation request email when a change of site admin email address is attempted. |
send_confirmation_on_profile_email()wp-includes/user.php | Sends a confirmation request email when a change of user email address is attempted. |
wp_image_editor()wp-admin/includes/image-edit.php | Loads the WP image-editing interface. |
WP_MS_Themes_List_Table::get_views()wp-admin/includes/class-wp-ms-themes-list-table.php | |
admin_color_scheme_picker()wp-admin/includes/misc.php | Displays the default admin color scheme picker (Used in user-edit.php). |
WP_Theme_Install_List_Table::install_theme_info()wp-admin/includes/class-wp-theme-install-list-table.php | Prints the info for a theme (to be used in the theme installer modal). |
WP_Theme_Install_List_Table::single_row()wp-admin/includes/class-wp-theme-install-list-table.php | Prints a theme from the WordPress.org API. |
WP_Theme_Install_List_Table::theme_installer_single()wp-admin/includes/class-wp-theme-install-list-table.php | Prints the wrapper for the theme installer with a provided theme’s data. |
update_nag()wp-admin/includes/update.php | Returns core update notification message. |
wp_plugin_update_row()wp-admin/includes/update.php | Displays update information for a plugin. |
wp_theme_update_row()wp-admin/includes/update.php | Displays update information for a theme. |
wp_welcome_panel()wp-admin/includes/dashboard.php | Displays a welcome panel to introduce users to WordPress. |
install_dashboard()wp-admin/includes/plugin-install.php | Displays the Featured tab of Add Plugins screen. |
install_plugins_upload()wp-admin/includes/plugin-install.php | Displays a form to upload plugins from zip files. |
install_plugin_information()wp-admin/includes/plugin-install.php | Displays plugin information in dialog box form. |
wp_dashboard_quota()wp-admin/includes/dashboard.php | Displays file upload quota on dashboard. |
wp_dashboard_browser_nag()wp-admin/includes/dashboard.php | Displays the browser update nag. |
wp_dashboard_plugins_output()wp-admin/includes/deprecated.php | Display plugins text for the WordPress news widget. |
wp_add_dashboard_widget()wp-admin/includes/dashboard.php | Adds a new dashboard widget. |
wp_network_dashboard_right_now()wp-admin/includes/dashboard.php | |
wp_dashboard_quick_press()wp-admin/includes/dashboard.php | Displays the Quick Draft widget. |
wp_dashboard_recent_drafts()wp-admin/includes/dashboard.php | Show recent drafts of the user on the dashboard. |
_wp_dashboard_recent_comments_row()wp-admin/includes/dashboard.php | Outputs a row for the Recent Comments widget. |
wp_install_defaults()wp-admin/includes/upgrade.php | Creates the initial content for a newly-installed site. |
menu_page_url()wp-admin/includes/plugin.php | Gets the URL to access a particular menu page based on the slug it was registered with. |
_get_plugin_data_markup_translate()wp-admin/includes/plugin.php | Sanitizes plugin data, optionally adds markup, optionally translates. |
default_password_nag()wp-admin/includes/user.php | |
WP_Plugin_Install_List_Table::display_rows()wp-admin/includes/class-wp-plugin-install-list-table.php | |
wp_import_upload_form()wp-admin/includes/template.php | Outputs the form used by the importers to accept the data to be imported. |
WP_Themes_List_Table::display_rows()wp-admin/includes/class-wp-themes-list-table.php | |
WP_Users_List_Table::single_row()wp-admin/includes/class-wp-users-list-table.php | Generates HTML for a single row on the users.php admin panel. |
WP_Users_List_Table::get_views()wp-admin/includes/class-wp-users-list-table.php | Returns an associative array listing all the views that can be used with this table. |
media_upload_type_form()wp-admin/includes/media.php | Outputs the legacy media upload form for a given media type. |
media_upload_type_url_form()wp-admin/includes/media.php | Outputs the legacy media upload form for external media. |
media_upload_gallery_form()wp-admin/includes/media.php | Adds gallery form to upload iframe. |
media_upload_library_form()wp-admin/includes/media.php | Outputs the legacy media upload form for the media library. |
media_upload_max_image_resize()wp-admin/includes/media.php | Displays the checkbox to scale images. |
edit_form_image_editor()wp-admin/includes/media.php | Displays the image and editor in the post editor |
attachment_submitbox_metadata()wp-admin/includes/media.php | Displays non-editable attachment metadata in the publish meta box. |
wp_media_upload_handler()wp-admin/includes/media.php | Handles the process of uploading media. |
image_link_input_fields()wp-admin/includes/media.php | Retrieves HTML for the Link URL buttons with the default link type as specified. |
the_media_upload_tabs()wp-admin/includes/media.php | Outputs the legacy media upload tabs UI. |
get_image_send_to_editor()wp-admin/includes/media.php | Retrieves the image HTML to send to the editor. |
get_sample_permalink_html()wp-admin/includes/post.php | Returns the HTML of the sample permalink slug editor. |
_wp_post_thumbnail_html()wp-admin/includes/post.php | Returns HTML for the post thumbnail meta box. |
_admin_notice_post_locked()wp-admin/includes/post.php | Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post. |
wp_ajax_send_attachment_to_editor()wp-admin/includes/ajax-actions.php | Handles sending an attachment to the editor via AJAX. |
wp_ajax_send_link_to_editor()wp-admin/includes/ajax-actions.php | Handles sending a link to the editor via AJAX. |
update_core()wp-admin/includes/update-core.php | Upgrades the core of WordPress. |
wp_link_manager_disabled_message()wp-admin/includes/bookmark.php | Outputs the ‘disabled’ message for the WordPress Link Manager. |
post_submit_meta_box()wp-admin/includes/meta-boxes.php | Displays post submit form fields. |
edit_link()wp-admin/includes/bookmark.php | Updates or inserts a link using values provided in $_POST. |
get_default_link_to_edit()wp-admin/includes/bookmark.php | Retrieves the default link for editing. |
WP_Media_List_Table::_get_row_actions()wp-admin/includes/class-wp-media-list-table.php | |
WP_Comments_List_Table::column_author()wp-admin/includes/class-wp-comments-list-table.php | |
WP_Comments_List_Table::column_date()wp-admin/includes/class-wp-comments-list-table.php | |
WP_Comments_List_Table::get_views()wp-admin/includes/class-wp-comments-list-table.php | |
WP_Comments_List_Table::column_comment()wp-admin/includes/class-wp-comments-list-table.php | |
WP_Terms_List_Table::column_name()wp-admin/includes/class-wp-terms-list-table.php | |
WP_Terms_List_Table::column_posts()wp-admin/includes/class-wp-terms-list-table.php | |
Walker_Nav_Menu_Edit::start_el()wp-admin/includes/class-walker-nav-menu-edit.php | Start the element output. |
wp_nav_menu_item_post_type_meta_box()wp-admin/includes/nav-menu.php | Displays a meta box for a post type menu item. |
wp_nav_menu_item_taxonomy_meta_box()wp-admin/includes/nav-menu.php | Displays a meta box for a taxonomy menu item. |
request_filesystem_credentials()wp-admin/includes/file.php | Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem. |
wp_widget_control()wp-admin/includes/widgets.php | Meta widget used to display the control form for a widget. |
WP_Posts_List_Table::get_views()wp-admin/includes/class-wp-posts-list-table.php | |
get_comment_to_edit()wp-admin/includes/comment.php | Returns a WP_Comment object based on comment ID. |
_wp_credits_add_profile_link()wp-admin/includes/credits.php | Retrieves the link to a contributor’s WordPress.org profile page. |
_wp_credits_build_object_link()wp-admin/includes/credits.php | Retrieves the link to an external library used in WordPress. |
Custom_Image_Header::step_1()wp-admin/includes/class-custom-image-header.php | Displays first step of custom header image page. |
Custom_Image_Header::step_2()wp-admin/includes/class-custom-image-header.php | Displays second step of custom header image page. |
Custom_Image_Header::show_header_selector()wp-admin/includes/class-custom-image-header.php | Displays UI for selecting one of several default headers. |
confirm_delete_users()wp-admin/includes/ms.php | |
list_core_update()wp-admin/update-core.php | Lists available core updates. |
core_upgrade_preamble()wp-admin/update-core.php | Display upgrade WordPress for downloading latest or upgrading automatically form. |
list_plugin_updates()wp-admin/update-core.php | Display the upgrade plugins form. |
list_theme_updates()wp-admin/update-core.php | Display the upgrade themes form. |
list_translation_updates()wp-admin/update-core.php | Display the update translations form. |
do_core_upgrade()wp-admin/update-core.php | Upgrades WordPress core display. |
Custom_Background::admin_page()wp-admin/includes/class-custom-background.php | Displays the custom background page. |
_wp_menu_output()wp-admin/menu-header.php | Display menu. |
WP_Customize_Manager::register_controls()wp-includes/class-wp-customize-manager.php | Registers some default controls. |
WP_Styles::_css_href()wp-includes/class-wp-styles.php | Generates an enqueued style’s fully-qualified URL. |
Walker_Category::start_el()wp-includes/class-walker-category.php | Starts the element output. |
get_the_term_list()wp-includes/category-template.php | Retrieves a post’s terms as a list with specified format. |
wp_generate_tag_cloud()wp-includes/category-template.php | Generates a tag cloud (heatmap) from provided data. |
wp_customize_url()wp-includes/theme.php | Returns a URL to load the Customizer. |
get_the_category_list()wp-includes/category-template.php | Retrieves category list for a post in either HTML list or custom format. |
wp_list_categories()wp-includes/category-template.php | Displays or retrieves the HTML list of categories. |
_wp_customize_loader_settings()wp-includes/theme.php | Adds settings for the customize-loader script. |
header_image()wp-includes/theme.php | Displays header image URL. |
_make_url_clickable_cb()wp-includes/formatting.php | Callback to convert URI match to HTML A element. |
_make_web_ftp_clickable_cb()wp-includes/formatting.php | Callback to convert URL match to HTML A element. |
translate_smiley()wp-includes/formatting.php | Converts one smiley code to the icon graphic file equivalent. |
get_avatar()wp-includes/pluggable.php | Retrieves the avatar |
paginate_links()wp-includes/general-template.php | Retrieves paginated links for archive post pages. |
wp_admin_css()wp-includes/general-template.php | Enqueues or directly prints a stylesheet link to the specified CSS file. |
feed_links()wp-includes/general-template.php | Displays the links to the general feeds. |
feed_links_extra()wp-includes/general-template.php | Displays the links to the extra feeds such as category feeds. |
rsd_link()wp-includes/general-template.php | Displays the link to the Really Simple Discovery service endpoint. |
get_archives_link()wp-includes/general-template.php | Retrieves archive link content based on predefined or custom code. |
wp_loginout()wp-includes/general-template.php | Displays the Log In/Out link. |
wp_login_form()wp-includes/general-template.php | Provides a simple login form for use anywhere within WordPress. |
wp_register()wp-includes/general-template.php | Displays the Registration or Admin link. |
get_search_form()wp-includes/general-template.php | Displays search form. |
get_index_rel_link()wp-includes/deprecated.php | Get site index relational link. |
clean_url()wp-includes/deprecated.php | Checks and cleans a URL. |
sanitize_url()wp-includes/formatting.php | Sanitizes a URL for database or redirect usage. |
comments_rss()wp-includes/deprecated.php | Return link to the post RSS feed. |
get_links()wp-includes/deprecated.php | Gets the links associated with category by ID. |
WP_Theme::markup_header()wp-includes/class-wp-theme.php | Marks up a theme header. |
wp_auth_check_html()wp-includes/functions.php | Outputs the HTML that shows the wp-login dialog when the user is no longer logged in. |
wp_nonce_ays()wp-includes/functions.php | Displays “Are You Sure” message to confirm the action being taken. |
_default_wp_die_handler()wp-includes/functions.php | Kills WordPress execution and displays HTML page with an error message. |
wp_referer_field()wp-includes/functions.php | Retrieves or displays referer hidden field for forms. |
WP_Widget_RSS::widget()wp-includes/widgets/class-wp-widget-rss.php | Outputs the content for the current RSS widget instance. |
WP_Widget_Recent_Comments::widget()wp-includes/widgets/class-wp-widget-recent-comments.php | Outputs the content for the current Recent Comments widget instance. |
WP_Widget_Categories::widget()wp-includes/widgets/class-wp-widget-categories.php | Outputs the content for the current Categories widget instance. |
WP_Widget_Meta::widget()wp-includes/widgets/class-wp-widget-meta.php | Outputs the content for the current Meta widget instance. |
wp_widget_rss_output()wp-includes/widgets.php | Display the RSS entries in a list. |
wp_widget_rss_form()wp-includes/widgets.php | Display RSS widget options form. |
wp_widget_rss_process()wp-includes/widgets.php | Process RSS feed widget data and optionally retrieve feed items. |
WP_Embed::maybe_make_link()wp-includes/class-wp-embed.php | Conditionally makes a hyperlink based on an internal class variable. |
WP_Embed::maybe_run_ajax_cache()wp-includes/class-wp-embed.php | If a post/page was saved, then output JavaScript to make an Ajax request that will call WP_Embed::cache_oembed(). |
rel_canonical()wp-includes/link-template.php | Outputs rel=canonical for singular queries. |
wp_shortlink_wp_head()wp-includes/link-template.php | Injects rel=shortlink into the head if a shortlink is defined for the current page. |
the_shortlink()wp-includes/link-template.php | Displays the shortlink for a post. |
get_next_comments_link()wp-includes/link-template.php | Retrieves the link to the next comments page. |
get_previous_comments_link()wp-includes/link-template.php | Retrieves the link to the previous comments page. |
get_pagenum_link()wp-includes/link-template.php | Retrieves the link for a page number. |
next_posts()wp-includes/link-template.php | Displays or retrieves the next posts page link. |
previous_posts()wp-includes/link-template.php | Displays or retrieves the previous posts page link. |
edit_post_link()wp-includes/link-template.php | Displays the edit post link for post. |
edit_comment_link()wp-includes/link-template.php | Displays the edit comment link with formatting. |
edit_bookmark_link()wp-includes/link-template.php | Displays the edit bookmark link anchor content. |
the_feed_link()wp-includes/link-template.php | Displays the permalink for the feed type. |
post_comments_feed_link()wp-includes/link-template.php | Displays the comment feed link for a post. |
WP_Admin_Bar::_render_item()wp-includes/class-wp-admin-bar.php | |
the_permalink()wp-includes/link-template.php | Displays the permalink for the current post. |
wp_version_check()wp-includes/update.php | Checks WordPress version against the newest version. |
WP_oEmbed::data2html()wp-includes/class-wp-oembed.php | Converts a data object from WP_oEmbed::fetch() and returns the HTML. |
wp_admin_bar_my_sites_menu()wp-includes/admin-bar.php | Adds the “My Sites/[Site Name]” menu and all submenus. |
wp_admin_bar_edit_menu()wp-includes/admin-bar.php | Provides an edit link for posts and terms. |
wp_admin_bar_search_menu()wp-includes/admin-bar.php | Adds search form. |
rss_enclosure()wp-includes/feed.php | Displays the rss enclosure for the current post. |
atom_enclosure()wp-includes/feed.php | Displays the atom enclosure for the current post. |
self_link()wp-includes/feed.php | Displays the link for the currently displayed feed in a XSS safe way. |
the_permalink_rss()wp-includes/feed.php | Displays the permalink to the post for use in feeds. |
comments_link_feed()wp-includes/feed.php | Outputs the link to the comments for the current post in an XML safe way. |
comment_guid()wp-includes/feed.php | Displays the feed GUID for the current comment. |
comment_link()wp-includes/feed.php | Displays the link to the comments. |
sanitize_user_field()wp-includes/user.php | Sanitizes user field based on context. |
_walk_bookmarks()wp-includes/bookmark-template.php | The formatted output of a list of bookmarks. |
Walker_Page::start_el()wp-includes/class-walker-page.php | Outputs the beginning of the current element in the tree. |
wp_get_attachment_link()wp-includes/post-template.php | Retrieves an attachment page link using an image or icon, if possible. |
get_the_password_form()wp-includes/post-template.php | Retrieves protected post password form content. |
_wp_link_page()wp-includes/post-template.php | Helper function for wp_link_pages() . |
wp_page_menu()wp-includes/post-template.php | Displays or retrieves a list of pages with an optional home link. |
wp_embed_handler_audio()wp-includes/embed.php | Audio embed handler callback. |
wp_embed_handler_video()wp-includes/embed.php | Video embed handler callback. |
newblog_notify_siteadmin()wp-includes/ms-functions.php | Notifies the network admin that a new site has been activated. |
newuser_notify_siteadmin()wp-includes/ms-functions.php | Notifies the network admin that a new user has been activated. |
wpmu_signup_blog_notification()wp-includes/ms-functions.php | Sends a confirmation request email to a user when they sign up for a new site. The new site will not become active until the confirmation link is clicked. |
get_most_active_blogs()wp-includes/ms-deprecated.php | Deprecated functionality to retrieve a list of the most active sites. |
get_the_author_link()wp-includes/author-template.php | Retrieves either author’s link or author’s name. |
wp_list_authors()wp-includes/author-template.php | Lists all the authors of the site, with several options available. |
get_blogaddress_by_id()wp-includes/ms-blogs.php | Gets a full site URL, given a site ID. |
get_blogaddress_by_name()wp-includes/ms-blogs.php | Gets a full site URL, given a site name. |
wp_rss()wp-includes/rss.php | Display all RSS items in a HTML ordered list. |
Walker_Comment::comment()wp-includes/class-walker-comment.php | Outputs a single comment. |
Walker_Comment::html5_comment()wp-includes/class-walker-comment.php | Outputs a comment in the HTML5 format. |
get_cancel_comment_reply_link()wp-includes/comment-template.php | Retrieves HTML content for cancel comment reply link. |
comment_form()wp-includes/comment-template.php | Outputs a complete commenting form for use within a template. |
comments_popup_link()wp-includes/comment-template.php | Displays the link to the comments for the current post ID. |
get_comment_reply_link()wp-includes/comment-template.php | Retrieves HTML content for reply to comment link. |
comments_template()wp-includes/comment-template.php | Loads the comment template specified in $file. |
comments_link()wp-includes/comment-template.php | Displays the link to the current post comments. |
get_comment_text()wp-includes/comment-template.php | Retrieves the text of the current comment. |
get_comment_author_email_link()wp-includes/comment-template.php | Returns the HTML email link to the author of the current comment. |
get_comment_author_url()wp-includes/comment-template.php | Retrieves the URL of the author of the current comment, not linked. |
wp_default_scripts()wp-includes/script-loader.php | Registers all WordPress scripts. |
wp_set_comment_cookies()wp-includes/comment.php | Sets the cookies used to store an unauthenticated commentator’s identity. Typically used to recall previous comments by this commentator that are still held in moderation. |
wp_print_media_templates()wp-includes/media-template.php | Prints the templates used in the media manager. |
Changelog
Version | Description |
---|---|
2.8.0 | Introduced. |
Adding a link to home
As featured in the Twenty Thirteen theme, although simplified for the sake of the example
If the URI protocol is not one of the allowed protocols, the result of
esc_url()
is an empty string. The list of default protocols allowed by WordPress can be extended with the following code:Escaping the “img” tag’s “src” attribute is also something that this function should be used for:
It should also be used for the “form” tag “action” attribute: