Make WordPress Core


Ignore:
Timestamp:
06/01/2022 06:12:25 PM (2 years ago)
Author:
SergeyBiryukov
Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/theme.php

    r53416 r53455  
    11801180    }
    11811181
    1182     return esc_url_raw( set_url_scheme( $url ) );
     1182    return sanitize_url( set_url_scheme( $url ) );
    11831183}
    11841184
     
    14291429
    14301430    foreach ( (array) $headers as $header ) {
    1431         $url          = esc_url_raw( wp_get_attachment_url( $header->ID ) );
     1431        $url          = sanitize_url( wp_get_attachment_url( $header->ID ) );
    14321432        $header_data  = wp_get_attachment_metadata( $header->ID );
    14331433        $header_index = $header->ID;
     
    15901590    }
    15911591
    1592     return esc_url_raw( set_url_scheme( $url ) );
     1592    return sanitize_url( set_url_scheme( $url ) );
    15931593}
    15941594
     
    18071807
    18081808    if ( $background ) {
    1809         $image = ' background-image: url("' . esc_url_raw( $background ) . '");';
     1809        $image = ' background-image: url("' . sanitize_url( $background ) . '");';
    18101810
    18111811        // Background Position.
     
    21472147        foreach ( $editor_styles as $key => $file ) {
    21482148            if ( preg_match( '~^(https?:)?//~', $file ) ) {
    2149                 $stylesheets[] = esc_url_raw( $file );
     2149                $stylesheets[] = sanitize_url( $file );
    21502150                unset( $editor_styles[ $key ] );
    21512151            }
Note: See TracChangeset for help on using the changeset viewer.