Make WordPress Core


Ignore:
Timestamp:
06/01/2022 06:12:25 PM (2 years ago)
Author:
SergeyBiryukov
Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/user.php

    r53063 r53455  
    8585            $user->user_url = '';
    8686        } else {
    87             $user->user_url = esc_url_raw( $_POST['url'] );
     87            $user->user_url = sanitize_url( $_POST['url'] );
    8888            $protocols      = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );
    8989            $user->user_url = preg_match( '/^(' . $protocols . '):/is', $user->user_url ) ? $user->user_url : 'http://' . $user->user_url;
Note: See TracChangeset for help on using the changeset viewer.