Deprecated clean_url() in favor of esc_url(), and deprecated sanitize_url() in favor of esc_url_raw().
Tagged: API RSS
-
Mark Jaquith
-
Mark Jaquith
Deprecated
wp_specialchars()in favor ofesc_html()(also:esc_html__()andesc_html_e()). Usingwp_specialchars()with more than one param works for backwards compat. Also,esc_html()(orwp_specialchars()with one param) escapes quotes, just likeesc_attr(). This buys security for plugin authors who were mistakenly using a one-paramwp_specialchars()call in an HTML attribute. See this wp-hackers message for more detail. -
Mark Jaquith
Standardizing and shortening the WP security escaping functions.
attribute_escape()is nowesc_attr()Additionally, you can do attribute escaping and translation in one go. Just add the translation function to the end. Like so:
esc_attr__()— translate and return, attribute-escaped.esc_attr_e()— translate and echo, attribute-escaped.
Will be following up with
esc_html(with__()and_e()variants),esc_url(), maybe some more. Will be nice, short, predictable, and allow you do translate/escape in one go without a lot of nested parenthesis.-
Viper007Bond
An
esc_js()or whatnot might be useful to (i.e. an improvedjs_escape()(see #7648).-
Mark Jaquith
Yes, I meant to include that in the list of “coming soon” ones. Though
js_escape()would continue to work, as wouldattribute_escape()andwp_specialchars().Improvements to
esc_js()néejs_escape()are a separate issue — I’ll take a look at that ticket.
-
-
Leandro Vieira Pinho
Why not escape_attr than esc_attr?. Write escape is more intuitive than esc.
Ryan
New API that allows plugins to add sections and fields to settings pages and register new settings along with sanitization callbacks. add_settings_section(), add_settings_field(), register_setting(), unregister_setting()
-
Administrator
Is there backward compatibility with the old API? (add_management_page and add_options_page)
Where can plugin authors find out more about these changes?
-
Ryan
The new API is more for adding to the default settings pages. You’d still use add_options_page() to add a new page. Right now the only docs are the inline phpdoc, which needs to be fleshed out more before release.
Ryan
New wp_page_menu() API that creates a menu of pages. Themes will no longer have to do this for themselves.
-
Joel Goodman
awesome!
-
Xavier
This is very cool, and could prove quite useful for WP-as-CMS websites, but I’ve heard of some that are afraid that implementing such features, generally handled by plugins or theme authors, might bulge the WP core code. One told me this: “I love the concept of having a simple core that you can build anything upon, it’s great. But with these new methods, I’m afraid WP is turning into a Rube Goldberg machine.”
With wp_page_menu, inline editing and threaded comments all going to core, aren’t you afraid you might over-adding features?
-
Muhammad Siyab
fantastic! finally, its here!
-
Rick Beckman
Somewhere a chorus of angels sings.
Hallelujah!
-
TDH
Actually, that really does sound awesome!
-
Steve Meisner
shweeet.
-
matt
is there any example of this in action somewhere that we can check out?
-
lostkore
Great news!
-
marti garaughty
I looking forward to the release of WP 2.7 & child themes, this is just the cherry on the cake. Thx!
-
Ben
Maybe I am being dumb but I don’t understand what this is or why i should be excited? From what people have been saying it’s cool, but the lack of info makes it hard for me to interpret the limited news.
-
Ryan
Ben, it’s not a big deal. It’s almost the same code you use at the top of Regulus for creating the menu. I just packaged it up into wp_page_menu() for convenience. I got tired of seeing this code having to be recreated in theme after theme.
Ryan
Avatar support is now baked in. Themes can use get_avatar() to fetch the avatar for an author or commenter.
Ryan
New API for adding boxes to edit page: add_meta_box()
Lloyd Budd 4:48 pm on May 21, 2009 Permalink |
http://codex.wordpress.org/Data_Validation will need an update.