General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage. Follow-up to [11383], [13096], [51597], [53452]. Props benjgrolleau, peterwilsoncc, SergeyBiryukov. Fixes #55852. git-svn-id: https://develop.svn.wordpress.org/trunk@53455 602fd350-edb4-49c9-b593-d223f7449a82
2026-04-06 13:44:30 +00:00 · 2022-06-01 18:12:25 +00:00
parent c59af567e5
commit b316c8b25f
39 changed files with 87 additions and 87 deletions
--- a/src/wp-includes/script-loader.php
+++ b/src/wp-includes/script-loader.php
@@ -337,7 +337,7 @@ function wp_default_packages_inline_scripts( $scripts ) {
 		'wp-api-fetch',
 		sprintf(
 			'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );',
-			esc_url_raw( get_rest_url() )
+			sanitize_url( get_rest_url() )
 		),
 		'after'
 	);
@@ -750,7 +750,7 @@ function wp_default_scripts( $scripts ) {
 		'wp-api-request',
 		'wpApiSettings',
 		array(
-			'root'          => esc_url_raw( get_rest_url() ),
+			'root'          => sanitize_url( get_rest_url() ),
 			'nonce'         => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ),
 			'versionString' => 'wp/v2/',
 		)