
<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I wasn't trolling, just wasn't aware that get_the_premalink was added in 3.9 and I stand corrected!</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">

<br></div><div class="gmail_default" style><font face="arial, helvetica, sans-serif"><a href="https://developer.wordpress.org/reference/functions/get_the_permalink/">https://developer.wordpress.org/reference/functions/get_the_permalink/</a></font><br>

</div><div class="gmail_default" style><font face="arial, helvetica, sans-serif"><br></font></div><div class="gmail_default" style><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 29, 2014 at 7:46 PM, Zack Tollman <span dir="ltr"><<a href="mailto:tollmanz@gmail.com" target="_blank">tollmanz@gmail.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Are you trolling me, Emil? ;)<div><br></div><div>`get_the_permalink()` was added in 3.9.0 to be more consistent with other template tags (e.g., `get_the_title()`, not `get_title()`). It is just a synonym for `get_permalink()`. You shouldn't use it for themes unless you plan to not support < 3.9.0. You can see it in all its glory here: <a href="https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L99" target="_blank">https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L99</a>.</div>


<div><br></div><div>Here is `get_permalink()`: <a href="https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L112" target="_blank">https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L112</a>. The function concludes with: <a href="https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L231" target="_blank">https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L231</a>. At no point is it escaped. When core uses the function for echoing to the screen, it escapes `get_permalink()` (<a href="https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L22" target="_blank">https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L22</a>).</div>


<div><br></div><div>It's SO not escaped.</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 29, 2014 at 5:35 PM, Emil Uzelac <span dir="ltr"><<a href="mailto:emil@uzelac.me" target="_blank">emil@uzelac.me</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">the_permalink and get_permalink are both escaped and get_the_premalink does not exist :)</div>


</div><div><div><div class="gmail_extra"><br><br>

<div class="gmail_quote">On Fri, Aug 29, 2014 at 7:30 PM, Zack Tollman <span dir="ltr"><<a href="mailto:tollmanz@gmail.com" target="_blank">tollmanz@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div dir="ltr">That function is `the_permalink()`, which concludes by calling and escaping `get_permalink()`: <a href="https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L22" target="_blank">https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L22</a>. `get_permalink()`, on the other hand, is never escaped: <a href="https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L112" target="_blank">https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L112</a></div>


<div><div>

<div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 29, 2014 at 5:25 PM, Emil Uzelac <span dir="ltr"><<a href="mailto:emil@uzelac.me" target="_blank">emil@uzelac.me</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">No, get_permalink is escaped: <a href="https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L14" target="_blank">https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L14</a>  </div>


</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 29, 2014 at 7:22 PM, Zack Tollman <span dir="ltr"><<a href="mailto:tollmanz@gmail.com" target="_blank">tollmanz@gmail.com</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">`the_permalink()` is escaped, but `get_permalink()` (or the newer `get_the_permalink()`) is not escaped and still needs to be escaped.</div>


<div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 29, 2014 at 4:31 PM, Emil Uzelac <span dir="ltr"><<a href="mailto:emil@uzelac.me" target="_blank">emil@uzelac.me</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">And get_permalink does not need one, because it already exist here: <a href="https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L0" target="_blank">https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/link-template.php#L0</a></div>


</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 29, 2014 at 6:30 PM, Emil Uzelac <span dir="ltr"><<a href="mailto:emil@uzelac.me" target="_blank">emil@uzelac.me</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div dir="ltr"><div class="gmail_default"><font face="arial, helvetica, sans-serif">Needs an escape and trailingslash as well <a href="http://codex.wordpress.org/Function_Reference/home_url" target="_blank">http://codex.wordpress.org/Function_Reference/home_url</a></font><br>


</div><div class="gmail_default"><font face="arial, helvetica, sans-serif"><br></font></div><div class="gmail_default"><font face="arial, helvetica, sans-serif"><?php echo esc_url( home_url( '/' ) ); ?><br>


</font></div></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 29, 2014 at 6:26 PM, Yentl Bresseleers <span dir="ltr"><<a href="mailto:hello@design311.com" target="_blank">hello@design311.com</a>></span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>Why doesn't home_url() does it for you then?On 30/08/2014 01:25, Tom wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

I believe get_permalink() does it for you.<br>

<br>

-----Original Message-----<br>

From: theme-reviewers [mailto:<a href="mailto:theme-reviewers-bounces@lists.wordpress.org" target="_blank">theme-reviewers-<u></u>bounces@lists.wordpress.org</a>]<br>

On Behalf Of Yentl Bresseleers<br>

Sent: Friday, August 29, 2014 4:24 PM<br>

To: Discussion list for WordPress theme reviewers.<br>

Subject: [theme-reviewers] esc_url() for all links?<br>

<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Themes are required to escape all untrusted links before output using<br>

esc_url(). Escape home_url() in header.php and other similar links<br>

used elsewhere.<br>

</blockquote>

Does that mean we have to pass all links through esc_url()? Even<br>

the_permalink()?<br>

<br>

      echo esc_url(get_permalink());<br>

<br>

Rather than:<br>

<br>

      the_permalink() ?<br>

______________________________<u></u>_________________<br>

theme-reviewers mailing list<br>

<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.<u></u>wordpress.org</a><br>

<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/<u></u>mailman/listinfo/theme-<u></u>reviewers</a><br>

<br>

______________________________<u></u>_________________<br>

theme-reviewers mailing list<br>

<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.<u></u>wordpress.org</a><br>

<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/<u></u>mailman/listinfo/theme-<u></u>reviewers</a><br>

</blockquote>

<br>

______________________________<u></u>_________________<br>

theme-reviewers mailing list<br>

<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.<u></u>wordpress.org</a><br>

<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/<u></u>mailman/listinfo/theme-<u></u>reviewers</a><br>

</div></div></blockquote></div><br></div>

</div></div></blockquote></div><br></div>

</div></div><br>_______________________________________________<br>

theme-reviewers mailing list<br>

<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>

<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>

<br></blockquote></div><br></div>

</div></div><br>_______________________________________________<br>

theme-reviewers mailing list<br>

<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>

<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>

<br></blockquote></div><br></div>

</div></div><br>_______________________________________________<br>

theme-reviewers mailing list<br>

<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>

<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>

<br></blockquote></div><br></div>

</div></div><br>_______________________________________________<br>

theme-reviewers mailing list<br>

<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>

<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>

<br></blockquote></div><br></div>

</div></div><br>_______________________________________________<br>

theme-reviewers mailing list<br>

<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>

<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>

<br></blockquote></div><br></div>

</div></div><br>_______________________________________________<br>

theme-reviewers mailing list<br>

<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>

<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>

<br></blockquote></div><br></div>