Make WordPress Core


Ignore:
Timestamp:
06/01/2022 06:12:25 PM (2 years ago)
Author:
SergeyBiryukov
Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/ajax-actions.php

    r53337 r53455  
    432432    $per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0;
    433433    $page     = isset( $_POST['_page'] ) ? (int) $_POST['_page'] : 0;
    434     $url      = isset( $_POST['_url'] ) ? esc_url_raw( $_POST['_url'] ) : '';
     434    $url      = isset( $_POST['_url'] ) ? sanitize_url( $_POST['_url'] ) : '';
    435435
    436436    // JS didn't send us everything we need to know. Just die with success message.
     
    33343334    }
    33353335
    3336     $src = esc_url_raw( $src );
     3336    $src = sanitize_url( $src );
    33373337    if ( ! $src ) {
    33383338        wp_send_json_error();
Note: See TracChangeset for help on using the changeset viewer.