Make WordPress Core

Changeset 56494


Ignore:
Timestamp:
08/30/2023 08:23:18 PM (9 months ago)
Author:
costdev
Message:

General: Replace two esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

This replaces the two remaining instances of esc_url_raw() with sanitize_url() in WordPress core.

Follow-up to [53455], [53933], [54522].

Props rajinsharwar, SergeyBiryukov.
Fixes #59247.

Location:
trunk/src/wp-includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/functions.php

    r56474 r56494  
    36143614        if ( wp_get_referer() ) {
    36153615            $wp_http_referer = remove_query_arg( 'updated', wp_get_referer() );
    3616             $wp_http_referer = wp_validate_redirect( esc_url_raw( $wp_http_referer ) );
     3616            $wp_http_referer = wp_validate_redirect( sanitize_url( $wp_http_referer ) );
    36173617
    36183618            $html .= '</p><p>';
  • trunk/src/wp-includes/update.php

    r56341 r56494  
    755755        }
    756756
    757         $hostname = wp_parse_url( esc_url_raw( $theme_data['UpdateURI'] ), PHP_URL_HOST );
     757        $hostname = wp_parse_url( sanitize_url( $theme_data['UpdateURI'] ), PHP_URL_HOST );
    758758
    759759        /**
Note: See TracChangeset for help on using the changeset viewer.