What is the better for call files: bloginfo() or echo esc_url()?

Note that bloginfo('template_url') is a wrapper for get_template_directory_uri().

It doesn’t seems to explicitly escape it, though.

It’s better to escape it in your example.

Here are two examples how we can break the HTML in the case it’s not escaped:

Break Example #1

add_filter( 'template_directory_uri', function( $uri )
{
    return $uri .'">';
} );

Break Example #2

add_filter( 'bloginfo_url', function( $output )
{
    return $output .'">';
} );

So the suggestion:

echo esc_url( get_template_directory_uri() );

is safer than use it unescaped.

The get_template_directory_uri() and get_stylesheet_directory_uri() are commonly used core functions, where the latter is child-theme aware.

New functions in WordPress 4.7

There will be new functions introduced to e.g. make it easier to reference and override parent theme files

Let’s take a look inside two of them:

  • The new get_theme_file_uri( $file ) function is child-theme aware and uses bothget_template_directory_uri() and get_stylesheet_directory_uri() to construct the correct file URL. 

    if ( empty( $file ) ) {
    $url = get_stylesheet_directory_uri();
} elseif ( file_exists( get_stylesheet_directory() . "https://wordpress.stackexchange.com/" . $file ) ) {
    $url = get_stylesheet_directory_uri() . "https://wordpress.stackexchange.com/" . $file;
} else {
    $url = get_template_directory_uri() . "https://wordpress.stackexchange.com/" . $file;
}

    where $file is the function’s input.

    Let’s try to describe the above logic in few words, to better understand it:

    • For an empty file input, get_theme_file_uri(), it’s the same as: get_stylesheet_directory_uri().

    • If there’s a child theme that overrides the file, then it’s get_stylesheet_directory_uri() . "https://wordpress.stackexchange.com/" . $file;

    • If there’s a child theme that doesn’t override the file (it doesn’t exist in the child theme ) then it’s the parent file fallback: get_template_directory_uri() . "https://wordpress.stackexchange.com/" . $file;

    • If there’s no child theme and the file exists, then it’s get_stylesheet_directory_uri() . "https://wordpress.stackexchange.com/" . $file;

    • If there’s no child theme, and the file doesn’t exists, then it’s get_template_directory_uri() . "https://wordpress.stackexchange.com/" . $file;

  • The new get_parent_theme_file_uri( $file ) function, on the other hand, uses only get_template_directory_uri():

    if ( empty( $file ) ) {
    $url = get_template_directory_uri();
} else {
    $url = get_template_directory_uri() . "https://wordpress.stackexchange.com/" . $file;
}

    This is to construct the file URL within the parent theme, as the name suggests.

  • Similarly there are corresponding functions for the path instead of url: get_file_directory_path() and get_parent_file_directory_path().

We should also note that it doesn’t matter if $file starts with a forward slash / or not, that’s taken care of with a masked ltrim:

$file = ltrim( $file, "https://wordpress.stackexchange.com/" );

See ticket #18302 for more info.

Example:

So in WordPress 4.7+ we could try:

<img src="https://wordpress.stackexchange.com/questions/245707/<?php echo esc_url( get_theme_file_uri("static/img/logo.svg') ); ?>">

or for the parent theme file location, depending on the needs:

<img src="https://wordpress.stackexchange.com/questions/245707/<?php echo esc_url( get_parent_theme_file_uri("static/img/logo.svg') ); ?>">

It would be nice though to have the corresponding the_* functions as well to simplify things:

<img src="https://wordpress.stackexchange.com/questions/245707/<?php the_theme_file_uri("static/img/logo.svg') ); ?>">

<img src="<?php the_parent_theme_file_uri('static/img/logo.svg') ); ?>">

where they would include the escaping, similar to how the_permalink() escapes the filtered output from get_permalink().

Related Posts:

  1. List of Body Classes Generated by body_class()
  2. Is there a way to direct unregistered user to registration page when click a link?
  3. Missing feature image link function
  4. How to customize the_archive_title()?
  5. How to override parent functions in child themes?
  6. Get menu object from theme_location
  7. Displaying the number of updates available in the Admin area
  8. Trying to use add_action and do_action with parameters
  9. Safe to disable wptexturize?
  10. Get a list of all available fields in the User Profile
  11. How do I use the WP image functions in a page template?
  12. How to remove Customize from admin menu bar after WP 4.3
  13. Targeting specific menu with wp_nav_menu_items
  14. why doesnt is_home() work in functions.php
  15. Insert Ad Code in the Middle of a Post
  16. Enabling shortcodes for custom fields
  17. Passing variables to templates (alternatives to globalizing variables)
  18. Load post with a different template?
  19. Add options to featured image
  20. disable comments if array exists
  21. WordPress Change Post Templates,but not drop down, but Image selection
  22. Programmatically Add Font-Awesome Icons to Category Widget
  23. Remove images from get_the_excerpt
  24. Remove “says” from comments
  25. Reuse variable in hook callback
  26. Dynamically Register Sidebars For Each Top Level Page
  27. Run Product Filter Javascript On Page Template
  28. Most efficient way to get custom database records from 20 buttons and 20 tables?
  29. Can you use admin pages functionality on the frontend of your site
  30. How to add a column to the Trash page?
  31. Display more recent and less recent posts in same category
  32. Overwrite Parent Theme add_image_size in Child Theme
  33. Custom registration URL lost when user makes signup mistake
  34. Images uploaded using media uploader are appearing upside down
  35. Individually styling date month year [closed]
  36. Tiny MCE-modifications (plugins) stopped working in WordPress 5.6
  37. Can’t check if a post has thumbnail adding filter to get_post_metadata()
  38. Writing functions in WordPress functions.php that don’t replace a WordPress core function
  39. How to hook into a function offered by a plugin?
  40. Echo tags used to describe the theme
  41. HTTP_HOST changing in functions.php
  42. Change position of media in admin menu
  43. How to Display Frontend CSS for Administrator only
  44. How can I remove the main description text box in a Woocommerce product editor page? I only use the “Product short description” text box [closed]
  45. Automatically assign video ‘poster’ value to ‘filename’ for archive listing
  46. show first 3 thumbnails of posts in different sizes [closed]
  47. Getting custom image size URL in functions
  48. new_excerpt_more link not working properly
  49. Where to add the permalink in this function?
  50. WordPress function saves a post twice and updates all posts
  51. Change CSS for logged in users
  52. Always the Latest google jQuery instead of default WordPress jQuery
  53. if statement for wordpress default featured image on single post
  54. Function to display post by specific author
  55. Override the WordPress core function wp_referer_field
  56. Return category name with & Ampersand doesnt work
  57. Control the srcset much more (not all sizes in it each time)
  58. Warning: join(): Invalid arguments passed in post-template.php
  59. javascript and css links not working on sever
  60. is_page() or is_single not working
  61. What are the meta fields for an attachment?
  62. Can’t locate custom image sizes defined by child theme
  63. how to change “posted by” words
  64. Add attribute only to first image of every post via functions.php
  65. WordPress can’t get jquery/unslider to work
  66. Replace admin header logo with an image
  67. template_redirect action only firing if logged in
  68. Unable to use get_page_by_title() more than once per page?
  69. Featured Image and Tags problem
  70. Advanced method to control cache of enqueued style/script
  71. How to require a config file in a template and in function.php?
  72. Issue passing action class to nested function. Admin Columns
  73. Populate Product Regular Price with a calculated ACF Field Value
  74. Header menu aligned right on all pages except for single-post page [closed]
  75. large image size of 1440×1440 not pulling 2x of 2880×2880 image
  76. How to make the RTL.css the dominant css code?
  77. Auto remove tags on certain date
  78. get_field() with ID in one signal filter not working
  79. Remove External Links from WordPress posts Using add_filter() in Theme functions.php
  80. I’m getting invalid taxonomy in init action
  81. Is there any requirements to do socket programming with WordPress?
  82. Adding A New Widget to WordPress Disables the Existing Widgets
  83. Only seems to be displaying one child when there are supposed to be multiple
  84. Rest API User Levels
  85. adding google analytics via echo or between tags
  86. Slider Thumbnail Size Issue [closed]
  87. same get_posts function works diffrently in tag.php and functions.php
  88. Call custom field using php
  89. WordPress permanently logging users out
  90. Meta Box value not been pulled in
  91. How to Update User Meta Field other than from profile?
  92. Retrieve array of attachment IDs attached to a given Post ID
  93. add_theme_support not outputting thumbnails
  94. More link – not text
  95. update_user_option not working as expected
  96. How do I access variables outside a function [closed]
  97. PHP Notice: Function is_page was called incorrectly. Conditional query tags do not work before the query is run. Before then, they always return false
  98. How do i set global variable in a function in wordpress functions.php
  99. Working function() doesn’t execute when triggered by WP CRON
  100. post_row_actions filter from parent theme not executing in child theme