Changeset 53455 for trunk/src/wp-admin/includes/ajax-actions.php

Timestamp:

06/01/2022 06:12:25 PM (3 years ago)

Author:

SergeyBiryukov

Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:

• trunk/src/wp-admin/includes/ajax-actions.php (modified) (2 diffs)

trunk/src/wp-admin/includes/ajax-actions.php

@@ -432 +432 @@
     $per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0;
     $page     = isset( $_POST['_page'] ) ? (int) $_POST['_page'] : 0;
-    $url      = isset( $_POST['_url'] ) ? esc_url_raw( $_POST['_url'] ) : '';
+    $url      = isset( $_POST['_url'] ) ? sanitize_url( $_POST['_url'] ) : '';
 
     // JS didn't send us everything we need to know. Just die with success message.
@@ -3334 +3334 @@
     }
 
-    $src = esc_url_raw( $src );
+    $src = sanitize_url( $src );
     if ( ! $src ) {
         wp_send_json_error();