Make WordPress Core


Ignore:
Timestamp:
06/01/2022 06:12:25 PM (2 years ago)
Author:
SergeyBiryukov
Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/link-template.php

    r52959 r53455  
    23442344 * @param int  $pagenum Optional. Page number. Default 1.
    23452345 * @param bool $escape  Optional. Whether to escape the URL for display, with esc_url(). Defaults to true.
    2346  *                      Otherwise, prepares the URL with esc_url_raw().
     2346 *                      Otherwise, prepares the URL with sanitize_url().
    23472347 * @return string The link URL for the given page number.
    23482348 */
     
    24112411        return esc_url( $result );
    24122412    } else {
    2413         return esc_url_raw( $result );
     2413        return sanitize_url( $result );
    24142414    }
    24152415}
Note: See TracChangeset for help on using the changeset viewer.