Make WordPress Core


Ignore:
Timestamp:
06/01/2022 06:12:25 PM (2 years ago)
Author:
SergeyBiryukov
Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/privacy-tools.php

    r51662 r53455  
    707707
    708708    $content = str_replace( '###EXPIRATION###', $expiration_date, $content );
    709     $content = str_replace( '###LINK###', esc_url_raw( $export_file_url ), $content );
     709    $content = str_replace( '###LINK###', sanitize_url( $export_file_url ), $content );
    710710    $content = str_replace( '###EMAIL###', $request_email, $content );
    711711    $content = str_replace( '###SITENAME###', $site_name, $content );
    712     $content = str_replace( '###SITEURL###', esc_url_raw( $site_url ), $content );
     712    $content = str_replace( '###SITEURL###', sanitize_url( $site_url ), $content );
    713713
    714714    $headers = '';
Note: See TracChangeset for help on using the changeset viewer.