Make WordPress Core


Ignore:
Timestamp:
06/01/2022 06:12:25 PM (2 years ago)
Author:
SergeyBiryukov
Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/script-loader.php

    r53331 r53455  
    338338        sprintf(
    339339            'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );',
    340             esc_url_raw( get_rest_url() )
     340            sanitize_url( get_rest_url() )
    341341        ),
    342342        'after'
     
    751751        'wpApiSettings',
    752752        array(
    753             'root'          => esc_url_raw( get_rest_url() ),
     753            'root'          => sanitize_url( get_rest_url() ),
    754754            'nonce'         => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ),
    755755            'versionString' => 'wp/v2/',
Note: See TracChangeset for help on using the changeset viewer.