Make WordPress Core


Ignore:
Timestamp:
06/01/2022 06:12:25 PM (2 years ago)
Author:
SergeyBiryukov
Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-custom-background.php

    r53183 r53455  
    527527        update_post_meta( $id, '_wp_attachment_is_custom_background', get_option( 'stylesheet' ) );
    528528
    529         set_theme_mod( 'background_image', esc_url_raw( $url ) );
     529        set_theme_mod( 'background_image', sanitize_url( $url ) );
    530530
    531531        $thumbnail = wp_get_attachment_image_src( $id, 'thumbnail' );
    532         set_theme_mod( 'background_image_thumb', esc_url_raw( $thumbnail[0] ) );
     532        set_theme_mod( 'background_image_thumb', sanitize_url( $thumbnail[0] ) );
    533533
    534534        /** This action is documented in wp-admin/includes/class-custom-image-header.php */
     
    619619        $url       = wp_get_attachment_image_src( $attachment_id, $size );
    620620        $thumbnail = wp_get_attachment_image_src( $attachment_id, 'thumbnail' );
    621         set_theme_mod( 'background_image', esc_url_raw( $url[0] ) );
    622         set_theme_mod( 'background_image_thumb', esc_url_raw( $thumbnail[0] ) );
     621        set_theme_mod( 'background_image', sanitize_url( $url[0] ) );
     622        set_theme_mod( 'background_image_thumb', sanitize_url( $thumbnail[0] ) );
    623623        exit;
    624624    }
Note: See TracChangeset for help on using the changeset viewer.