Make WordPress Core

Opened 8 months ago

Closed 8 months ago

Last modified 8 months ago

#59247 closed enhancement (fixed)

Replace the remaining instances of esc_url_raw() with sanitize_url()

Reported by: sergeybiryukov's profile SergeyBiryukov Owned by: costdev's profile costdev
Milestone: 6.4 Priority: normal
Severity: normal Version: 6.1
Component: Formatting Keywords: good-first-bug has-patch
Focuses: Cc:


Background: #55852.

Since esc_url_raw() is now a wrapper for sanitize_url(), all of the former function calls in core were replaced with the latter in [53455] / #55852.

Two instances accidentally snuck in later:

  • One in wp_update_themes() from [53933].
  • One in wp_nonce_ays() from [54522].

For consistency, let's replace those two esc_url_raw() calls with sanitize_url() as well.

Change History (4)

This ticket was mentioned in PR #5117 on WordPress/wordpress-develop by @rajinsharwar.

8 months ago

  • Keywords has-patch added; needs-patch removed

Updating instances of esc_url_raw with sanitize_url()

Trac ticket:

#2 @rajinsharwar
8 months ago

Updating the instances in both the files.

#3 @costdev
8 months ago

  • Owner set to costdev
  • Resolution set to fixed
  • Status changed from new to closed

In 56494:

General: Replace two esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

This replaces the two remaining instances of esc_url_raw() with sanitize_url() in WordPress core.

Follow-up to [53455], [53933], [54522].

Props rajinsharwar, SergeyBiryukov.
Fixes #59247.

@costdev commented on PR #5117:

8 months ago

Thanks for the PR! Merged in r56494.

Note: See TracTickets for help on using tickets.