Make WordPress Core


Ignore:
Timestamp:
08/10/2021 07:43:33 PM (3 years ago)
Author:
SergeyBiryukov
Message:

General: Restore (un-deprecate) the sanitize_url() function.

A general security rule is "Sanitize when you save, escape when you echo", and for the most part WordPress has well-named functions like sanitize_email() and others, with esc_url_raw() being a single exception that does not follow the naming.

This commit restores the previously deprecated sanitize_url() function as a valid alias of esc_url_raw().

This better aligns with the naming with other sanitize_*() functions:

  • sanitize_bookmark()
  • sanitize_bookmark_field()
  • sanitize_category()
  • sanitize_category_field()
  • sanitize_comment_cookies()
  • sanitize_email()
  • sanitize_file_name()
  • sanitize_hex_color()
  • sanitize_hex_color_no_hash()
  • sanitize_html_class()
  • sanitize_key()
  • sanitize_meta()
  • sanitize_mime_type()
  • sanitize_option()
  • sanitize_post()
  • sanitize_post_field()
  • sanitize_sql_orderby()
  • sanitize_term()
  • sanitize_term_field()
  • sanitize_text_field()
  • sanitize_textarea_field()
  • sanitize_title()
  • sanitize_title_for_query()
  • sanitize_title_with_dashes()
  • sanitize_trackback_urls()
  • sanitize_user()
  • sanitize_user_field()

Follow-up to [11383], [13096].

Props Ipstenu, aadilali.
Fixes #53876.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/deprecated.php

    r51348 r51597  
    20252025
    20262026/**
    2027  * Performs esc_url() for database or redirect usage.
    2028  *
    2029  * @since 2.3.1
    2030  * @deprecated 2.8.0 Use esc_url_raw()
    2031  * @see esc_url_raw()
    2032  *
    2033  * @param string $url The URL to be cleaned.
    2034  * @param array $protocols An array of acceptable protocols.
    2035  * @return string The cleaned URL.
    2036  */
    2037 function sanitize_url( $url, $protocols = null ) {
    2038     _deprecated_function( __FUNCTION__, '2.8.0', 'esc_url_raw()' );
    2039     return esc_url_raw( $url, $protocols );
    2040 }
    2041 
    2042 /**
    20432027 * Checks and cleans a URL.
    20442028 *
Note: See TracChangeset for help on using the changeset viewer.