Make WordPress Core


Timestamp:
06/01/2022 06:12:25 PM (3 years ago)
Author:
SergeyBiryukov
Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:
1 edited

  • trunk/src/wp-includes/user.php

    r53179 r53455  
    41594159    $content = str_replace( '###USER_EMAIL###', $email_data['user_email'], $content );
    41604160    $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
    4161     $content = str_replace( '###MANAGE_URL###', esc_url_raw( $email_data['manage_url'] ), $content );
    4162     $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
     4161    $content = str_replace( '###MANAGE_URL###', sanitize_url( $email_data['manage_url'] ), $content );
     4162    $content = str_replace( '###SITEURL###', sanitize_url( $email_data['siteurl'] ), $content );
    41634163
    41644164    $headers = '';
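Review bot: the substitutions at 4159-4162 run as a chain of str_replace() calls over the same $content, so text inserted by an earlier call (for example $email_data['description'] at 4160) is scanned again by the later ones, and a description that contains the literal ###MANAGE_URL### or ###SITEURL### would be expanded too. Since these lines are being touched anyway, consider building one placeholder-to-value array and applying it in a single pass with strtr( $content, $map ), which does not search replaced text again.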
     
    44004400    $content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
    44014401    $content = str_replace( '###PRIVACY_POLICY_URL###', $email_data['privacy_policy_url'], $content );
    4402     $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
     4402    $content = str_replace( '###SITEURL###', sanitize_url( $email_data['siteurl'] ), $content );
    44034403
    44044404    $headers = '';
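Review bot: at 4401 $email_data['privacy_policy_url'] is placed into the message with no sanitizing at all, while the site URL on the next line goes through sanitize_url(). If the intent is that every URL written into these emails passes through the same function, wrap the privacy policy URL as well, or add a comment saying where it has already been sanitized.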
     
    47214721
    47224722    $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
    4723     $content = str_replace( '###CONFIRM_URL###', esc_url_raw( $email_data['confirm_url'] ), $content );
     4723    $content = str_replace( '###CONFIRM_URL###', sanitize_url( $email_data['confirm_url'] ), $content );
    47244724    $content = str_replace( '###EMAIL###', $email_data['email'], $content );
    47254725    $content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
    4726     $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
     4726    $content = str_replace( '###SITEURL###', sanitize_url( $email_data['siteurl'] ), $content );
    47274727
    47284728    $headers = '';
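Review bot: the commit message describes sanitize_url() as the function for database or redirect usage, but at 4723 and 4726 its result is written into an email body. A one-line comment above 4723 saying why the non-display variant is the right choice here (for instance, if the reason is that the message is plain text and the confirmation URL must not be entity-encoded) would keep a later reader from swapping it for esc_url().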