Changeset 53455 for trunk/src/wp-includes/theme.php

Timestamp:

06/01/2022 06:12:25 PM (3 years ago)

Author:

SergeyBiryukov

Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:

• trunk/src/wp-includes/theme.php (modified) (5 diffs)

trunk/src/wp-includes/theme.php

@@ -1180 +1180 @@
     }
 
-    return esc_url_raw( set_url_scheme( $url ) );
+    return sanitize_url( set_url_scheme( $url ) );
 }
 
@@ -1429 +1429 @@
 
     foreach ( (array) $headers as $header ) {
-        $url          = esc_url_raw( wp_get_attachment_url( $header->ID ) );
+        $url          = sanitize_url( wp_get_attachment_url( $header->ID ) );
         $header_data  = wp_get_attachment_metadata( $header->ID );
         $header_index = $header->ID;
@@ -1590 +1590 @@
     }
 
-    return esc_url_raw( set_url_scheme( $url ) );
+    return sanitize_url( set_url_scheme( $url ) );
 }
 
@@ -1807 +1807 @@
 
     if ( $background ) {
-        $image = ' background-image: url("' . esc_url_raw( $background ) . '");';
+        $image = ' background-image: url("' . sanitize_url( $background ) . '");';
 
         // Background Position.
@@ -2147 +2147 @@
         foreach ( $editor_styles as $key => $file ) {
             if ( preg_match( '~^(https?:)?//~', $file ) ) {
-                $stylesheets[] = esc_url_raw( $file );
+                $stylesheets[] = sanitize_url( $file );
                 unset( $editor_styles[ $key ] );
             }