Changeset 53455 for trunk/src/wp-includes/rest-api.php

Timestamp:

06/01/2022 06:12:25 PM (3 years ago)

Author:

SergeyBiryukov

Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:

• trunk/src/wp-includes/rest-api.php (modified) (3 diffs)

trunk/src/wp-includes/rest-api.php

@@ -711 +711 @@
         // Requests from file:// and data: URLs send "Origin: null".
         if ( 'null' !== $origin ) {
-            $origin = esc_url_raw( $origin );
+            $origin = sanitize_url( $origin );
         }
         header( 'Access-Control-Allow-Origin: ' . $origin );
@@ -994 +994 @@
     }
 
-    header( sprintf( 'Link: <%s>; rel="https://api.w.org/"', esc_url_raw( $api_root ) ), false );
+    header( sprintf( 'Link: <%s>; rel="https://api.w.org/"', sanitize_url( $api_root ) ), false );
 
     $resource = rest_get_queried_resource_route();
 
     if ( $resource ) {
-        header( sprintf( 'Link: <%s>; rel="alternate"; type="application/json"', esc_url_raw( rest_url( $resource ) ) ), false );
+        header( sprintf( 'Link: <%s>; rel="alternate"; type="application/json"', sanitize_url( rest_url( $resource ) ) ), false );
     }
 }
@@ -2796 +2796 @@
 
             case 'uri':
-                return esc_url_raw( $value );
+                return sanitize_url( $value );
 
             case 'ip':