

Timestamp:
06/01/2022 06:12:25 PM (2 years ago)
Author:
SergeyBiryukov
Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:
1 edited

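--- a/trunk/src/wp-includes/rest-api.php
+++ b/trunk/src/wp-includes/rest-api.php
@@ -711,5 +711,5 @@
         // Requests from file:// and data: URLs send "Origin: null".
         if ( 'null' !== $origin ) {
-            $origin = esc_url_raw( $origin );
+            $origin = sanitize_url( $origin );
         }
         header( 'Access-Control-Allow-Origin: ' . $origin );
@@ -994,10 +994,10 @@
     }
 
-    header( sprintf( 'Link: <%s>; rel="https://api.w.org/"', esc_url_raw( $api_root ) ), false );
+    header( sprintf( 'Link: <%s>; rel="https://api.w.org/"', sanitize_url( $api_root ) ), false );
 
     $resource = rest_get_queried_resource_route();
 
     if ( $resource ) {
-        header( sprintf( 'Link: <%s>; rel="alternate"; type="application/json"', esc_url_raw( rest_url( $resource ) ) ), false );
+        header( sprintf( 'Link: <%s>; rel="alternate"; type="application/json"', sanitize_url( rest_url( $resource ) ) ), false );
     }
 }
@@ -2796,5 +2796,5 @@
 
             case 'uri':
-                return esc_url_raw( $value );
+                return sanitize_url( $value );
 
             case 'ip':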
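Review bot: In the first hunk, `$origin` is written into `Access-Control-Allow-Origin` after `sanitize_url()` only, which cleans the URL's syntax but does not decide whether that origin may read the response. Nothing in the visible lines checks the origin against an allowlist, so presumably that is handled where `$origin` is obtained or by the caller; a comment above the call such as `// sanitize_url() only cleans the URL; it is not an origin allowlist check.` would keep readers from treating it as an access control. It is also worth confirming what is sent when `sanitize_url()` returns an empty string for a rejected scheme, since the `header()` call after the `if` runs unconditionally. The enclosing function starts and ends outside the hunk.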