vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-04-14 17:44:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

General: Replace all esc_url_raw() calls in core with sanitize_url().

Browse Source 
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

git-svn-id: https://develop.svn.wordpress.org/trunk@53455 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov
2022-06-01 18:12:25 +00:00
parent c59af567e5
commit b316c8b25f
39 changed files with 87 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/wp-includes/formatting.php
View File

@@ -4354,7 +4354,7 @@ function esc_sql( $data ) {
* @param string $url The URL to be cleaned.
* @param string[] $protocols Optional. An array of acceptable protocols.
* Defaults to return value of wp_allowed_protocols().
* @param string $_context Private. Use esc_url_raw() for database usage.
* @param string $_context Private. Use sanitize_url() for database usage.
* @return string The cleaned URL after the {@see 'clean_url'} filter is applied.
* An empty string is returned if `$url` specifies a protocol other than
* those in `$protocols`, or if `$url` contains an empty string.
@@ -4830,7 +4830,7 @@ function sanitize_option( $option, $value ) {
case 'ping_sites':
$value = explode( "\n", $value );
$value = array_filter( array_map( 'trim', $value ) );
$value = array_filter( array_map( 'esc_url_raw', $value ) );
$value = array_filter( array_map( 'sanitize_url', $value ) );
$value = implode( "\n", $value );
break;
@@ -4844,7 +4844,7 @@ function sanitize_option( $option, $value ) {
$error = $value->get_error_message();
} else {
if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {
$value = esc_url_raw( $value );
$value = sanitize_url( $value );
} else {
$error = __( 'The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.' );
}
@@ -4857,7 +4857,7 @@ function sanitize_option( $option, $value ) {
$error = $value->get_error_message();
} else {
if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {
$value = esc_url_raw( $value );
$value = sanitize_url( $value );
} else {
$error = __( 'The Site address you entered did not appear to be a valid URL. Please enter a valid URL.' );
}
@@ -4929,7 +4929,7 @@ function sanitize_option( $option, $value ) {
if ( is_wp_error( $value ) ) {
$error = $value->get_error_message();
} else {
$value = esc_url_raw( $value );
$value = sanitize_url( $value );
$value = str_replace( 'http://', '', $value );
}
@@ -5580,7 +5580,7 @@ function sanitize_trackback_urls( $to_ping ) {
unset( $urls_to_ping[ $k ] );
}
}
$urls_to_ping = array_map( 'esc_url_raw', $urls_to_ping );
$urls_to_ping = array_map( 'sanitize_url', $urls_to_ping );
$urls_to_ping = implode( "\n", $urls_to_ping );
/**
* Filters a list of trackback URLs following sanitization.
@@ -5649,7 +5649,7 @@ function get_url_in_content( $content ) {
}
if ( preg_match( '/<a\s[^>]*?href=([\'"])(.+?)\1/is', $content, $matches ) ) {
return esc_url_raw( $matches[2] );
return sanitize_url( $matches[2] );
}
return false;