diff --git a/src/wp-admin/authorize-application.php b/src/wp-admin/authorize-application.php
index 8d931f4666..d4a8b48983 100644
--- a/src/wp-admin/authorize-application.php
+++ b/src/wp-admin/authorize-application.php
@@ -67,14 +67,14 @@ $title = __( 'Authorize Application' );
 
 $app_name    = ! empty( $_REQUEST['app_name'] ) ? $_REQUEST['app_name'] : '';
 $app_id      = ! empty( $_REQUEST['app_id'] ) ? $_REQUEST['app_id'] : '';
-$success_url = ! empty( $_REQUEST['success_url'] ) ? $_REQUEST['success_url'] : null;
+$success_url = ! empty( $_REQUEST['success_url'] ) ? $_REQUEST['success_url'] : '';
 
 if ( ! empty( $_REQUEST['reject_url'] ) ) {
 	$reject_url = $_REQUEST['reject_url'];
 } elseif ( $success_url ) {
 	$reject_url = add_query_arg( 'success', 'false', $success_url );
 } else {
-	$reject_url = null;
+	$reject_url = '';
 }
 
 $user = wp_get_current_user();
diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php
index 6530f03780..e618536f41 100644
--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -4479,7 +4479,7 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
 		return $url;
 	}
 
-	$url = str_replace( ' ', '%20', ltrim( (string) $url ) );
+	$url = str_replace( ' ', '%20', ltrim( $url ) );
 	$url = preg_replace( '|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', $url );
 
 	if ( '' === $url ) {