General: Replace all esc_url_raw() calls in core with sanitize_url().
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage. Follow-up to [11383], [13096], [51597], [53452]. Props benjgrolleau, peterwilsoncc, SergeyBiryukov. Fixes #55852. git-svn-id: https://develop.svn.wordpress.org/trunk@53455 602fd350-edb4-49c9-b593-d223f7449a82
@@ -2111,7 +2111,7 @@ final class WP_Customize_Manager {
|
||||
$exported_setting_validities = array_map( array( $this, 'prepare_setting_validity_for_js' ), $setting_validities );
|
||||
|
||||
// Note that the REQUEST_URI is not passed into home_url() since this breaks subdirectory installations.
|
||||
$self_url = empty( $_SERVER['REQUEST_URI'] ) ? home_url( '/' ) : esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) );
|
||||
$self_url = empty( $_SERVER['REQUEST_URI'] ) ? home_url( '/' ) : sanitize_url( wp_unslash( $_SERVER['REQUEST_URI'] ) );
|
||||
$state_query_params = array(
|
||||
'customize_theme',
|
||||
'customize_changeset_uuid',
|
||||
@@ -2158,7 +2158,7 @@ final class WP_Customize_Manager {
|
||||
),
|
||||
'url' => array(
|
||||
'self' => $self_url,
|
||||
'allowed' => array_map( 'esc_url_raw', $this->get_allowed_urls() ),
|
||||
'allowed' => array_map( 'sanitize_url', $this->get_allowed_urls() ),
|
||||
'allowedHosts' => array_unique( $allowed_hosts ),
|
||||
'isCrossDomain' => $this->is_cross_domain(),
|
||||
),
|
||||
@@ -4574,7 +4574,7 @@ final class WP_Customize_Manager {
|
||||
* @param string $preview_url URL to be previewed.
|
||||
*/
|
||||
public function set_preview_url( $preview_url ) {
|
||||
$preview_url = esc_url_raw( $preview_url );
|
||||
$preview_url = sanitize_url( $preview_url );
|
||||
$this->preview_url = wp_validate_redirect( $preview_url, home_url( '/' ) );
|
||||
}
|
||||
|
||||
@@ -4662,7 +4662,7 @@ final class WP_Customize_Manager {
|
||||
* @param string $return_url URL for return link.
|
||||
*/
|
||||
public function set_return_url( $return_url ) {
|
||||
$return_url = esc_url_raw( $return_url );
|
||||
$return_url = sanitize_url( $return_url );
|
||||
$return_url = remove_query_arg( wp_removable_query_args(), $return_url );
|
||||
$return_url = wp_validate_redirect( $return_url );
|
||||
$this->return_url = $return_url;
|
||||
@@ -4894,15 +4894,15 @@ final class WP_Customize_Manager {
|
||||
'_canInstall' => current_user_can( 'install_themes' ),
|
||||
),
|
||||
'url' => array(
|
||||
'preview' => esc_url_raw( $this->get_preview_url() ),
|
||||
'return' => esc_url_raw( $this->get_return_url() ),
|
||||
'parent' => esc_url_raw( admin_url() ),
|
||||
'activated' => esc_url_raw( home_url( '/' ) ),
|
||||
'ajax' => esc_url_raw( admin_url( 'admin-ajax.php', 'relative' ) ),
|
||||
'allowed' => array_map( 'esc_url_raw', $this->get_allowed_urls() ),
|
||||
'preview' => sanitize_url( $this->get_preview_url() ),
|
||||
'return' => sanitize_url( $this->get_return_url() ),
|
||||
'parent' => sanitize_url( admin_url() ),
|
||||
'activated' => sanitize_url( home_url( '/' ) ),
|
||||
'ajax' => sanitize_url( admin_url( 'admin-ajax.php', 'relative' ) ),
|
||||
'allowed' => array_map( 'sanitize_url', $this->get_allowed_urls() ),
|
||||
'isCrossDomain' => $this->is_cross_domain(),
|
||||
'home' => esc_url_raw( home_url( '/' ) ),
|
||||
'login' => esc_url_raw( $login_url ),
|
||||
'home' => sanitize_url( home_url( '/' ) ),
|
||||
'login' => sanitize_url( $login_url ),
|
||||
),
|
||||
'browser' => array(
|
||||
'mobile' => wp_is_mobile(),
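Review bot: `home_url( '/' )` is sanitized twice in this hunk, once for the `activated` key and again for the `home` key, and `array_map( 'sanitize_url', $this->get_allowed_urls() )` is repeated verbatim from the hunk at line 2158; hoisting them once before the array literal, e.g. `$home_url = sanitize_url( home_url( '/' ) );` and `$allowed_urls = array_map( 'sanitize_url', $this->get_allowed_urls() );`, would remove the duplicate sanitizing passes this performance-motivated commit leaves in place. The enclosing method starts and ends outside the hunk, so whether the line-2158 occurrence is in the same method cannot be confirmed from here. Since `sanitize_url()` is the database/redirect-context sanitizer rather than an output escaper, a short comment above the `'url'` array stating that these values are presumably handed to the customizer scripts and must still be escaped for whichever context renders them would help the next reader; confirm the consumer before wording it.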
|
||||
@@ -6006,7 +6006,7 @@ final class WP_Customize_Manager {
|
||||
return new WP_Error( 'invalid_value', __( 'Invalid value for background size.' ) );
|
||||
}
|
||||
} elseif ( 'background_image' === $setting->id || 'background_image_thumb' === $setting->id ) {
|
||||
$value = empty( $value ) ? '' : esc_url_raw( $value );
|
||||
$value = empty( $value ) ? '' : sanitize_url( $value );
|
||||
} else {
|
||||
return new WP_Error( 'unrecognized_setting', __( 'Unrecognized background setting.' ) );
|
||||
}
|
||||
@@ -6079,7 +6079,7 @@ final class WP_Customize_Manager {
|
||||
* @return mixed
|
||||
*/
|
||||
public function _validate_external_header_video( $validity, $value ) {
|
||||
$video = esc_url_raw( $value );
|
||||
$video = sanitize_url( $value );
|
||||
if ( $video ) {
|
||||
if ( ! preg_match( '#^https?://(?:www\.)?(?:youtube\.com/watch|youtu\.be/)#', $video ) ) {
|
||||
$validity->add( 'invalid_url', __( 'Please enter a valid YouTube URL.' ) );
|
||||
@@ -6097,7 +6097,7 @@ final class WP_Customize_Manager {
|
||||
* @return string Sanitized URL.
|
||||
*/
|
||||
public function _sanitize_external_header_video( $value ) {
|
||||
return esc_url_raw( trim( $value ) );
|
||||
return sanitize_url( trim( $value ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||