General: Replace all `esc_url_raw()` calls in core with `sanitize_url()`.
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage. Follow-up to [11383], [13096], [51597], [53452]. Props benjgrolleau, peterwilsoncc, SergeyBiryukov. Fixes #55852. Built from https://develop.svn.wordpress.org/trunk@53455 git-svn-id: http://core.svn.wordpress.org/trunk@53044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
3be126b751
commit
01d172b581
|
@ -83,7 +83,7 @@ if ( $message ) {
|
|||
<div id="message" class="notice notice-<?php echo $class; ?>">
|
||||
<p><strong><?php echo $message; ?></strong></p>
|
||||
<?php if ( $wp_http_referer ) { ?>
|
||||
<p><a href="<?php echo esc_url( wp_validate_redirect( esc_url_raw( $wp_http_referer ), admin_url( 'term.php?taxonomy=' . $taxonomy ) ) ); ?>">
|
||||
<p><a href="<?php echo esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), admin_url( 'term.php?taxonomy=' . $taxonomy ) ) ); ?>">
|
||||
<?php echo esc_html( $tax->labels->back_to_items ); ?>
|
||||
</a></p>
|
||||
<?php } ?>
|
||||
|
|
|
@ -160,7 +160,7 @@ switch ( $wp_list_table->current_action() ) {
|
|||
wp_die( __( 'You attempted to edit an item that does not exist. Perhaps it was deleted?' ) );
|
||||
}
|
||||
|
||||
wp_redirect( esc_url_raw( get_edit_term_link( $term_id, $taxonomy, $post_type ) ) );
|
||||
wp_redirect( sanitize_url( get_edit_term_link( $term_id, $taxonomy, $post_type ) ) );
|
||||
exit;
|
||||
|
||||
case 'editedtag':
|
||||
|
|
|
@ -431,7 +431,7 @@ function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
|
|||
$total = isset( $_POST['_total'] ) ? (int) $_POST['_total'] : 0;
|
||||
$per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0;
|
||||
$page = isset( $_POST['_page'] ) ? (int) $_POST['_page'] : 0;
|
||||
$url = isset( $_POST['_url'] ) ? esc_url_raw( $_POST['_url'] ) : '';
|
||||
$url = isset( $_POST['_url'] ) ? sanitize_url( $_POST['_url'] ) : '';
|
||||
|
||||
// JS didn't send us everything we need to know. Just die with success message.
|
||||
if ( ! $total || ! $per_page || ! $page || ! $url ) {
|
||||
|
@ -3333,7 +3333,7 @@ function wp_ajax_send_link_to_editor() {
|
|||
$src = 'http://' . $src;
|
||||
}
|
||||
|
||||
$src = esc_url_raw( $src );
|
||||
$src = sanitize_url( $src );
|
||||
if ( ! $src ) {
|
||||
wp_send_json_error();
|
||||
}
|
||||
|
|
|
@ -526,10 +526,10 @@ class Custom_Background {
|
|||
wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
|
||||
update_post_meta( $id, '_wp_attachment_is_custom_background', get_option( 'stylesheet' ) );
|
||||
|
||||
set_theme_mod( 'background_image', esc_url_raw( $url ) );
|
||||
set_theme_mod( 'background_image', sanitize_url( $url ) );
|
||||
|
||||
$thumbnail = wp_get_attachment_image_src( $id, 'thumbnail' );
|
||||
set_theme_mod( 'background_image_thumb', esc_url_raw( $thumbnail[0] ) );
|
||||
set_theme_mod( 'background_image_thumb', sanitize_url( $thumbnail[0] ) );
|
||||
|
||||
/** This action is documented in wp-admin/includes/class-custom-image-header.php */
|
||||
do_action( 'wp_create_file_in_uploads', $file, $id ); // For replication.
|
||||
|
@ -618,8 +618,8 @@ class Custom_Background {
|
|||
|
||||
$url = wp_get_attachment_image_src( $attachment_id, $size );
|
||||
$thumbnail = wp_get_attachment_image_src( $attachment_id, 'thumbnail' );
|
||||
set_theme_mod( 'background_image', esc_url_raw( $url[0] ) );
|
||||
set_theme_mod( 'background_image_thumb', esc_url_raw( $thumbnail[0] ) );
|
||||
set_theme_mod( 'background_image', sanitize_url( $url[0] ) );
|
||||
set_theme_mod( 'background_image_thumb', sanitize_url( $thumbnail[0] ) );
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1159,7 +1159,7 @@ endif;
|
|||
return;
|
||||
}
|
||||
|
||||
$choice['url'] = esc_url_raw( $choice['url'] );
|
||||
$choice['url'] = sanitize_url( $choice['url'] );
|
||||
|
||||
$header_image_data = (object) array(
|
||||
'attachment_id' => $choice['attachment_id'],
|
||||
|
@ -1197,7 +1197,7 @@ endif;
|
|||
}
|
||||
}
|
||||
|
||||
set_theme_mod( 'header_image', esc_url_raw( $header_image_data['url'] ) );
|
||||
set_theme_mod( 'header_image', sanitize_url( $header_image_data['url'] ) );
|
||||
set_theme_mod( 'header_image_data', $header_image_data );
|
||||
}
|
||||
|
||||
|
|
|
@ -632,7 +632,7 @@ function export_wp( $args = array() ) {
|
|||
<wp:comment_id><?php echo (int) $c->comment_ID; ?></wp:comment_id>
|
||||
<wp:comment_author><?php echo wxr_cdata( $c->comment_author ); ?></wp:comment_author>
|
||||
<wp:comment_author_email><?php echo wxr_cdata( $c->comment_author_email ); ?></wp:comment_author_email>
|
||||
<wp:comment_author_url><?php echo esc_url_raw( $c->comment_author_url ); ?></wp:comment_author_url>
|
||||
<wp:comment_author_url><?php echo sanitize_url( $c->comment_author_url ); ?></wp:comment_author_url>
|
||||
<wp:comment_author_IP><?php echo wxr_cdata( $c->comment_author_IP ); ?></wp:comment_author_IP>
|
||||
<wp:comment_date><?php echo wxr_cdata( $c->comment_date ); ?></wp:comment_date>
|
||||
<wp:comment_date_gmt><?php echo wxr_cdata( $c->comment_date_gmt ); ?></wp:comment_date_gmt>
|
||||
|
|
|
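Review bot: The changed `<wp:comment_author_url>` line is the only field in this hunk whose value is not wrapped in `wxr_cdata()`, and `sanitize_url()` — described in the commit message as the database/redirect variant — presumably leaves a bare `&` in a stored author URL untouched, so a comment URL carrying a query string would land in the XML as an unescaped `&`. A strict XML parser on the import side could reject such a document. I would wrap it like the neighbouring fields: `<wp:comment_author_url><?php echo wxr_cdata( sanitize_url( $c->comment_author_url ) ); ?></wp:comment_author_url>`. export_wp() starts and ends outside the hunk.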
@ -917,7 +917,7 @@ function wp_media_upload_handler() {
|
|||
* @param string $src Media source URL.
|
||||
* @param string $title Media title.
|
||||
*/
|
||||
$html = apply_filters( "{$type}_send_to_editor_url", $html, esc_url_raw( $src ), $title );
|
||||
$html = apply_filters( "{$type}_send_to_editor_url", $html, sanitize_url( $src ), $title );
|
||||
} else {
|
||||
$align = '';
|
||||
$alt = esc_attr( wp_unslash( $_POST['alt'] ) );
|
||||
|
@ -942,7 +942,7 @@ function wp_media_upload_handler() {
|
|||
* @param string $align The image alignment. Default 'alignnone'. Possible values include
|
||||
* 'alignleft', 'aligncenter', 'alignright', 'alignnone'.
|
||||
*/
|
||||
$html = apply_filters( 'image_send_to_editor_url', $html, esc_url_raw( $src ), $alt, $align );
|
||||
$html = apply_filters( 'image_send_to_editor_url', $html, sanitize_url( $src ), $alt, $align );
|
||||
}
|
||||
|
||||
return media_send_to_editor( $html );
|
||||
|
|
|
@ -322,7 +322,7 @@ function edit_post( $post_data = null ) {
|
|||
foreach ( $format_meta_urls as $format_meta_url ) {
|
||||
$keyed = '_format_' . $format_meta_url;
|
||||
if ( isset( $post_data[ $keyed ] ) ) {
|
||||
update_post_meta( $post_ID, $keyed, wp_slash( esc_url_raw( wp_unslash( $post_data[ $keyed ] ) ) ) );
|
||||
update_post_meta( $post_ID, $keyed, wp_slash( sanitize_url( wp_unslash( $post_data[ $keyed ] ) ) ) );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -706,10 +706,10 @@ All at ###SITENAME###
|
|||
$content = apply_filters( 'wp_privacy_personal_data_email_content', $email_text, $request_id, $email_data );
|
||||
|
||||
$content = str_replace( '###EXPIRATION###', $expiration_date, $content );
|
||||
$content = str_replace( '###LINK###', esc_url_raw( $export_file_url ), $content );
|
||||
$content = str_replace( '###LINK###', sanitize_url( $export_file_url ), $content );
|
||||
$content = str_replace( '###EMAIL###', $request_email, $content );
|
||||
$content = str_replace( '###SITENAME###', $site_name, $content );
|
||||
$content = str_replace( '###SITEURL###', esc_url_raw( $site_url ), $content );
|
||||
$content = str_replace( '###SITEURL###', sanitize_url( $site_url ), $content );
|
||||
|
||||
$headers = '';
|
||||
|
||||
|
|
|
@ -712,7 +712,7 @@ function wp_prepare_themes_for_js( $themes = null ) {
|
|||
$customize_action = esc_url(
|
||||
add_query_arg(
|
||||
array(
|
||||
'return' => urlencode( esc_url_raw( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ),
|
||||
'return' => urlencode( sanitize_url( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ),
|
||||
),
|
||||
wp_customize_url( $slug )
|
||||
)
|
||||
|
|
|
@ -84,7 +84,7 @@ function edit_user( $user_id = 0 ) {
|
|||
if ( empty( $_POST['url'] ) || 'http://' === $_POST['url'] ) {
|
||||
$user->user_url = '';
|
||||
} else {
|
||||
$user->user_url = esc_url_raw( $_POST['url'] );
|
||||
$user->user_url = sanitize_url( $_POST['url'] );
|
||||
$protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );
|
||||
$user->user_url = preg_match( '/^(' . $protocols . '):/is', $user->user_url ) ? $user->user_url : 'http://' . $user->user_url;
|
||||
}
|
||||
|
|
|
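Review bot: In the changed `else` branch, if `sanitize_url( $_POST['url'] )` returns an empty string — which the `esc_url()` docblock elsewhere in this commit says happens for a protocol outside `wp_allowed_protocols()`, and `sanitize_url()` presumably shares that behaviour — the `preg_match()` fallback on the next line turns it into the literal `'http://'`, the exact value the `if` two lines above treats as "no URL". A rejected URL would therefore be saved as `http://` rather than cleared. I would guard the fallback with `if ( '' !== $user->user_url ) {` around the `$protocols` / `preg_match()` lines so an empty result stays empty. edit_user() starts and ends outside the hunk.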
@ -90,7 +90,7 @@ if ( isset( $_REQUEST['action'] ) && 'update-site' === $_REQUEST['action'] ) {
|
|||
$old_home_parsed = parse_url( $old_home_url );
|
||||
|
||||
if ( $old_home_parsed['host'] === $existing_details->domain && $old_home_parsed['path'] === $existing_details->path ) {
|
||||
$new_home_url = untrailingslashit( esc_url_raw( $blog_data['scheme'] . '://' . $new_details->domain . $new_details->path ) );
|
||||
$new_home_url = untrailingslashit( sanitize_url( $blog_data['scheme'] . '://' . $new_details->domain . $new_details->path ) );
|
||||
update_option( 'home', $new_home_url );
|
||||
}
|
||||
|
||||
|
@ -98,7 +98,7 @@ if ( isset( $_REQUEST['action'] ) && 'update-site' === $_REQUEST['action'] ) {
|
|||
$old_site_parsed = parse_url( $old_site_url );
|
||||
|
||||
if ( $old_site_parsed['host'] === $existing_details->domain && $old_site_parsed['path'] === $existing_details->path ) {
|
||||
$new_site_url = untrailingslashit( esc_url_raw( $blog_data['scheme'] . '://' . $new_details->domain . $new_details->path ) );
|
||||
$new_site_url = untrailingslashit( sanitize_url( $blog_data['scheme'] . '://' . $new_details->domain . $new_details->path ) );
|
||||
update_option( 'siteurl', $new_site_url );
|
||||
}
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ if ( empty( $_REQUEST['tag_ID'] ) ) {
|
|||
$sendback = add_query_arg( 'post_type', get_current_screen()->post_type, $sendback );
|
||||
}
|
||||
|
||||
wp_redirect( esc_url_raw( $sendback ) );
|
||||
wp_redirect( sanitize_url( $sendback ) );
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
|
@ -133,7 +133,7 @@ else :
|
|||
case 0:
|
||||
$goback = wp_get_referer();
|
||||
if ( $goback ) {
|
||||
$goback = esc_url_raw( $goback );
|
||||
$goback = sanitize_url( $goback );
|
||||
$goback = urlencode( $goback );
|
||||
}
|
||||
?>
|
||||
|
|
|
@ -209,7 +209,7 @@ switch ( $action ) {
|
|||
<p><strong><?php _e( 'User updated.' ); ?></strong></p>
|
||||
<?php endif; ?>
|
||||
<?php if ( $wp_http_referer && false === strpos( $wp_http_referer, 'user-new.php' ) && ! IS_PROFILE_PAGE ) : ?>
|
||||
<p><a href="<?php echo esc_url( wp_validate_redirect( esc_url_raw( $wp_http_referer ), self_admin_url( 'users.php' ) ) ); ?>"><?php _e( '← Go to Users' ); ?></a></p>
|
||||
<p><a href="<?php echo esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), self_admin_url( 'users.php' ) ) ); ?>"><?php _e( '← Go to Users' ); ?></a></p>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
|
|
@ -2111,7 +2111,7 @@ final class WP_Customize_Manager {
|
|||
$exported_setting_validities = array_map( array( $this, 'prepare_setting_validity_for_js' ), $setting_validities );
|
||||
|
||||
// Note that the REQUEST_URI is not passed into home_url() since this breaks subdirectory installations.
|
||||
$self_url = empty( $_SERVER['REQUEST_URI'] ) ? home_url( '/' ) : esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) );
|
||||
$self_url = empty( $_SERVER['REQUEST_URI'] ) ? home_url( '/' ) : sanitize_url( wp_unslash( $_SERVER['REQUEST_URI'] ) );
|
||||
$state_query_params = array(
|
||||
'customize_theme',
|
||||
'customize_changeset_uuid',
|
||||
|
@ -2158,7 +2158,7 @@ final class WP_Customize_Manager {
|
|||
),
|
||||
'url' => array(
|
||||
'self' => $self_url,
|
||||
'allowed' => array_map( 'esc_url_raw', $this->get_allowed_urls() ),
|
||||
'allowed' => array_map( 'sanitize_url', $this->get_allowed_urls() ),
|
||||
'allowedHosts' => array_unique( $allowed_hosts ),
|
||||
'isCrossDomain' => $this->is_cross_domain(),
|
||||
),
|
||||
|
@ -4574,7 +4574,7 @@ final class WP_Customize_Manager {
|
|||
* @param string $preview_url URL to be previewed.
|
||||
*/
|
||||
public function set_preview_url( $preview_url ) {
|
||||
$preview_url = esc_url_raw( $preview_url );
|
||||
$preview_url = sanitize_url( $preview_url );
|
||||
$this->preview_url = wp_validate_redirect( $preview_url, home_url( '/' ) );
|
||||
}
|
||||
|
||||
|
@ -4662,7 +4662,7 @@ final class WP_Customize_Manager {
|
|||
* @param string $return_url URL for return link.
|
||||
*/
|
||||
public function set_return_url( $return_url ) {
|
||||
$return_url = esc_url_raw( $return_url );
|
||||
$return_url = sanitize_url( $return_url );
|
||||
$return_url = remove_query_arg( wp_removable_query_args(), $return_url );
|
||||
$return_url = wp_validate_redirect( $return_url );
|
||||
$this->return_url = $return_url;
|
||||
|
@ -4894,15 +4894,15 @@ final class WP_Customize_Manager {
|
|||
'_canInstall' => current_user_can( 'install_themes' ),
|
||||
),
|
||||
'url' => array(
|
||||
'preview' => esc_url_raw( $this->get_preview_url() ),
|
||||
'return' => esc_url_raw( $this->get_return_url() ),
|
||||
'parent' => esc_url_raw( admin_url() ),
|
||||
'activated' => esc_url_raw( home_url( '/' ) ),
|
||||
'ajax' => esc_url_raw( admin_url( 'admin-ajax.php', 'relative' ) ),
|
||||
'allowed' => array_map( 'esc_url_raw', $this->get_allowed_urls() ),
|
||||
'preview' => sanitize_url( $this->get_preview_url() ),
|
||||
'return' => sanitize_url( $this->get_return_url() ),
|
||||
'parent' => sanitize_url( admin_url() ),
|
||||
'activated' => sanitize_url( home_url( '/' ) ),
|
||||
'ajax' => sanitize_url( admin_url( 'admin-ajax.php', 'relative' ) ),
|
||||
'allowed' => array_map( 'sanitize_url', $this->get_allowed_urls() ),
|
||||
'isCrossDomain' => $this->is_cross_domain(),
|
||||
'home' => esc_url_raw( home_url( '/' ) ),
|
||||
'login' => esc_url_raw( $login_url ),
|
||||
'home' => sanitize_url( home_url( '/' ) ),
|
||||
'login' => sanitize_url( $login_url ),
|
||||
),
|
||||
'browser' => array(
|
||||
'mobile' => wp_is_mobile(),
|
||||
|
@ -6006,7 +6006,7 @@ final class WP_Customize_Manager {
|
|||
return new WP_Error( 'invalid_value', __( 'Invalid value for background size.' ) );
|
||||
}
|
||||
} elseif ( 'background_image' === $setting->id || 'background_image_thumb' === $setting->id ) {
|
||||
$value = empty( $value ) ? '' : esc_url_raw( $value );
|
||||
$value = empty( $value ) ? '' : sanitize_url( $value );
|
||||
} else {
|
||||
return new WP_Error( 'unrecognized_setting', __( 'Unrecognized background setting.' ) );
|
||||
}
|
||||
|
@ -6079,7 +6079,7 @@ final class WP_Customize_Manager {
|
|||
* @return mixed
|
||||
*/
|
||||
public function _validate_external_header_video( $validity, $value ) {
|
||||
$video = esc_url_raw( $value );
|
||||
$video = sanitize_url( $value );
|
||||
if ( $video ) {
|
||||
if ( ! preg_match( '#^https?://(?:www\.)?(?:youtube\.com/watch|youtu\.be/)#', $video ) ) {
|
||||
$validity->add( 'invalid_url', __( 'Please enter a valid YouTube URL.' ) );
|
||||
|
@ -6097,7 +6097,7 @@ final class WP_Customize_Manager {
|
|||
* @return string Sanitized URL.
|
||||
*/
|
||||
public function _sanitize_external_header_video( $value ) {
|
||||
return esc_url_raw( trim( $value ) );
|
||||
return sanitize_url( trim( $value ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -888,7 +888,7 @@ final class WP_Theme implements ArrayAccess {
|
|||
break;
|
||||
case 'ThemeURI':
|
||||
case 'AuthorURI':
|
||||
$value = esc_url_raw( $value );
|
||||
$value = sanitize_url( $value );
|
||||
break;
|
||||
case 'Tags':
|
||||
$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
|
||||
|
|
|
@ -726,7 +726,7 @@ class WP_Customize_Nav_Menu_Item_Setting extends WP_Customize_Setting {
|
|||
$menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) );
|
||||
|
||||
if ( '' !== $menu_item_value['url'] ) {
|
||||
$menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] );
|
||||
$menu_item_value['url'] = sanitize_url( $menu_item_value['url'] );
|
||||
if ( '' === $menu_item_value['url'] ) {
|
||||
return new WP_Error( 'invalid_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is invalid.
|
||||
}
|
||||
|
|
|
@ -72,7 +72,7 @@ foreach ( array(
|
|||
'pre_post_guid',
|
||||
) as $filter ) {
|
||||
add_filter( $filter, 'wp_strip_all_tags' );
|
||||
add_filter( $filter, 'esc_url_raw' );
|
||||
add_filter( $filter, 'sanitize_url' );
|
||||
add_filter( $filter, 'wp_filter_kses' );
|
||||
}
|
||||
|
||||
|
|
|
@ -2041,7 +2041,7 @@ function get_link( $bookmark_id, $output = OBJECT, $filter = 'raw' ) {
|
|||
*/
|
||||
function clean_url( $url, $protocols = null, $context = 'display' ) {
|
||||
if ( $context == 'db' )
|
||||
_deprecated_function( 'clean_url( $context = \'db\' )', '3.0.0', 'esc_url_raw()' );
|
||||
_deprecated_function( 'clean_url( $context = \'db\' )', '3.0.0', 'sanitize_url()' );
|
||||
else
|
||||
_deprecated_function( __FUNCTION__, '3.0.0', 'esc_url()' );
|
||||
return esc_url( $url, $protocols, $context );
|
||||
|
|
|
@ -426,7 +426,7 @@ function get_post_embed_url( $post = null ) {
|
|||
* @param string $embed_url The post embed URL.
|
||||
* @param WP_Post $post The corresponding post object.
|
||||
*/
|
||||
return esc_url_raw( apply_filters( 'post_embed_url', $embed_url, $post ) );
|
||||
return sanitize_url( apply_filters( 'post_embed_url', $embed_url, $post ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -4354,7 +4354,7 @@ function esc_sql( $data ) {
|
|||
* @param string $url The URL to be cleaned.
|
||||
* @param string[] $protocols Optional. An array of acceptable protocols.
|
||||
* Defaults to return value of wp_allowed_protocols().
|
||||
* @param string $_context Private. Use esc_url_raw() for database usage.
|
||||
* @param string $_context Private. Use sanitize_url() for database usage.
|
||||
* @return string The cleaned URL after the {@see 'clean_url'} filter is applied.
|
||||
* An empty string is returned if `$url` specifies a protocol other than
|
||||
* those in `$protocols`, or if `$url` contains an empty string.
|
||||
|
@ -4830,7 +4830,7 @@ function sanitize_option( $option, $value ) {
|
|||
case 'ping_sites':
|
||||
$value = explode( "\n", $value );
|
||||
$value = array_filter( array_map( 'trim', $value ) );
|
||||
$value = array_filter( array_map( 'esc_url_raw', $value ) );
|
||||
$value = array_filter( array_map( 'sanitize_url', $value ) );
|
||||
$value = implode( "\n", $value );
|
||||
break;
|
||||
|
||||
|
@ -4844,7 +4844,7 @@ function sanitize_option( $option, $value ) {
|
|||
$error = $value->get_error_message();
|
||||
} else {
|
||||
if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {
|
||||
$value = esc_url_raw( $value );
|
||||
$value = sanitize_url( $value );
|
||||
} else {
|
||||
$error = __( 'The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.' );
|
||||
}
|
||||
|
@ -4857,7 +4857,7 @@ function sanitize_option( $option, $value ) {
|
|||
$error = $value->get_error_message();
|
||||
} else {
|
||||
if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {
|
||||
$value = esc_url_raw( $value );
|
||||
$value = sanitize_url( $value );
|
||||
} else {
|
||||
$error = __( 'The Site address you entered did not appear to be a valid URL. Please enter a valid URL.' );
|
||||
}
|
||||
|
@ -4929,7 +4929,7 @@ function sanitize_option( $option, $value ) {
|
|||
if ( is_wp_error( $value ) ) {
|
||||
$error = $value->get_error_message();
|
||||
} else {
|
||||
$value = esc_url_raw( $value );
|
||||
$value = sanitize_url( $value );
|
||||
$value = str_replace( 'http://', '', $value );
|
||||
}
|
||||
|
||||
|
@ -5580,7 +5580,7 @@ function sanitize_trackback_urls( $to_ping ) {
|
|||
unset( $urls_to_ping[ $k ] );
|
||||
}
|
||||
}
|
||||
$urls_to_ping = array_map( 'esc_url_raw', $urls_to_ping );
|
||||
$urls_to_ping = array_map( 'sanitize_url', $urls_to_ping );
|
||||
$urls_to_ping = implode( "\n", $urls_to_ping );
|
||||
/**
|
||||
* Filters a list of trackback URLs following sanitization.
|
||||
|
@ -5649,7 +5649,7 @@ function get_url_in_content( $content ) {
|
|||
}
|
||||
|
||||
if ( preg_match( '/<a\s[^>]*?href=([\'"])(.+?)\1/is', $content, $matches ) ) {
|
||||
return esc_url_raw( $matches[2] );
|
||||
return sanitize_url( $matches[2] );
|
||||
}
|
||||
|
||||
return false;
|
||||
|
|
|
@ -4759,10 +4759,10 @@ function get_the_generator( $type = '' ) {
|
|||
$gen = '<generator uri="https://wordpress.org/" version="' . esc_attr( get_bloginfo_rss( 'version' ) ) . '">WordPress</generator>';
|
||||
break;
|
||||
case 'rss2':
|
||||
$gen = '<generator>' . esc_url_raw( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '</generator>';
|
||||
$gen = '<generator>' . sanitize_url( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '</generator>';
|
||||
break;
|
||||
case 'rdf':
|
||||
$gen = '<admin:generatorAgent rdf:resource="' . esc_url_raw( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '" />';
|
||||
$gen = '<admin:generatorAgent rdf:resource="' . sanitize_url( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '" />';
|
||||
break;
|
||||
case 'comment':
|
||||
$gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo( 'version' ) ) . '" -->';
|
||||
|
|
|
@ -2343,7 +2343,7 @@ function adjacent_post_link( $format, $link, $in_same_term = false, $excluded_te
|
|||
*
|
||||
* @param int $pagenum Optional. Page number. Default 1.
|
||||
* @param bool $escape Optional. Whether to escape the URL for display, with esc_url(). Defaults to true.
|
||||
* Otherwise, prepares the URL with esc_url_raw().
|
||||
* Otherwise, prepares the URL with sanitize_url().
|
||||
* @return string The link URL for the given page number.
|
||||
*/
|
||||
function get_pagenum_link( $pagenum = 1, $escape = true ) {
|
||||
|
@ -2410,7 +2410,7 @@ function get_pagenum_link( $pagenum = 1, $escape = true ) {
|
|||
if ( $escape ) {
|
||||
return esc_url( $result );
|
||||
} else {
|
||||
return esc_url_raw( $result );
|
||||
return sanitize_url( $result );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -378,7 +378,7 @@ function get_blogaddress_by_domain( $domain, $path ) {
|
|||
$url = 'http://' . $domain . $path;
|
||||
}
|
||||
}
|
||||
return esc_url_raw( $url );
|
||||
return sanitize_url( $url );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -573,7 +573,7 @@ function wp_update_nav_menu_item( $menu_id = 0, $menu_item_db_id = 0, $menu_item
|
|||
$args['menu-item-xfn'] = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) );
|
||||
update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
|
||||
update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
|
||||
update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw( $args['menu-item-url'] ) );
|
||||
update_post_meta( $menu_item_db_id, '_menu_item_url', sanitize_url( $args['menu-item-url'] ) );
|
||||
|
||||
if ( 0 == $menu_id ) {
|
||||
update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );
|
||||
|
|
|
@ -710,7 +710,7 @@ function rest_send_cors_headers( $value ) {
|
|||
if ( $origin ) {
|
||||
// Requests from file:// and data: URLs send "Origin: null".
|
||||
if ( 'null' !== $origin ) {
|
||||
$origin = esc_url_raw( $origin );
|
||||
$origin = sanitize_url( $origin );
|
||||
}
|
||||
header( 'Access-Control-Allow-Origin: ' . $origin );
|
||||
header( 'Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE' );
|
||||
|
@ -993,12 +993,12 @@ function rest_output_link_header() {
|
|||
return;
|
||||
}
|
||||
|
||||
header( sprintf( 'Link: <%s>; rel="https://api.w.org/"', esc_url_raw( $api_root ) ), false );
|
||||
header( sprintf( 'Link: <%s>; rel="https://api.w.org/"', sanitize_url( $api_root ) ), false );
|
||||
|
||||
$resource = rest_get_queried_resource_route();
|
||||
|
||||
if ( $resource ) {
|
||||
header( sprintf( 'Link: <%s>; rel="alternate"; type="application/json"', esc_url_raw( rest_url( $resource ) ) ), false );
|
||||
header( sprintf( 'Link: <%s>; rel="alternate"; type="application/json"', sanitize_url( rest_url( $resource ) ) ), false );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2795,7 +2795,7 @@ function rest_sanitize_value_from_schema( $value, $args, $param = '' ) {
|
|||
return sanitize_text_field( $value );
|
||||
|
||||
case 'uri':
|
||||
return esc_url_raw( $value );
|
||||
return sanitize_url( $value );
|
||||
|
||||
case 'ip':
|
||||
return sanitize_text_field( $value );
|
||||
|
|
|
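Review bot: In the `rest_send_cors_headers()` hunk the request `Origin` is passed through `sanitize_url()` and then written straight into `Access-Control-Allow-Origin`, so the call only normalizes the string — it is not an allow-list check, and any well-formed origin is reflected back. That appears to be the existing design rather than something this commit introduced, and the rest of the function (including any credentials or `Vary` headers) is outside the hunk, so I only suggest making the intent explicit on the changed line: `// sanitize_url() only normalizes the Origin string; it does not restrict which origins are reflected.` It may also be worth noting, hedged, that an origin `sanitize_url()` rejects would presumably yield an empty header value.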
@ -284,7 +284,7 @@ class WP_REST_Server {
|
|||
|
||||
$api_root = get_rest_url();
|
||||
if ( ! empty( $api_root ) ) {
|
||||
$this->send_header( 'Link', '<' . esc_url_raw( $api_root ) . '>; rel="https://api.w.org/"' );
|
||||
$this->send_header( 'Link', '<' . sanitize_url( $api_root ) . '>; rel="https://api.w.org/"' );
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -860,7 +860,7 @@ class WP_REST_Menu_Items_Controller extends WP_REST_Posts_Controller {
|
|||
return true;
|
||||
}
|
||||
|
||||
if ( esc_url_raw( $url ) ) {
|
||||
if ( sanitize_url( $url ) ) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@ class WP_REST_URL_Details_Controller extends WP_REST_Controller {
|
|||
'required' => true,
|
||||
'description' => __( 'The URL to process.' ),
|
||||
'validate_callback' => 'wp_http_validate_url',
|
||||
'sanitize_callback' => 'esc_url_raw',
|
||||
'sanitize_callback' => 'sanitize_url',
|
||||
'type' => 'string',
|
||||
'format' => 'uri',
|
||||
),
|
||||
|
|
|
@ -337,7 +337,7 @@ function wp_default_packages_inline_scripts( $scripts ) {
|
|||
'wp-api-fetch',
|
||||
sprintf(
|
||||
'wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "%s" ) );',
|
||||
esc_url_raw( get_rest_url() )
|
||||
sanitize_url( get_rest_url() )
|
||||
),
|
||||
'after'
|
||||
);
|
||||
|
@ -750,7 +750,7 @@ function wp_default_scripts( $scripts ) {
|
|||
'wp-api-request',
|
||||
'wpApiSettings',
|
||||
array(
|
||||
'root' => esc_url_raw( get_rest_url() ),
|
||||
'root' => sanitize_url( get_rest_url() ),
|
||||
'nonce' => wp_installing() ? '' : wp_create_nonce( 'wp_rest' ),
|
||||
'versionString' => 'wp/v2/',
|
||||
)
|
||||
|
|
|
@ -1179,7 +1179,7 @@ function get_header_image() {
|
|||
$url = get_random_header_image();
|
||||
}
|
||||
|
||||
return esc_url_raw( set_url_scheme( $url ) );
|
||||
return sanitize_url( set_url_scheme( $url ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1428,7 +1428,7 @@ function get_uploaded_header_images() {
|
|||
}
|
||||
|
||||
foreach ( (array) $headers as $header ) {
|
||||
$url = esc_url_raw( wp_get_attachment_url( $header->ID ) );
|
||||
$url = sanitize_url( wp_get_attachment_url( $header->ID ) );
|
||||
$header_data = wp_get_attachment_metadata( $header->ID );
|
||||
$header_index = $header->ID;
|
||||
|
||||
|
@ -1589,7 +1589,7 @@ function get_header_video_url() {
|
|||
return false;
|
||||
}
|
||||
|
||||
return esc_url_raw( set_url_scheme( $url ) );
|
||||
return sanitize_url( set_url_scheme( $url ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1806,7 +1806,7 @@ function _custom_background_cb() {
|
|||
$style = $color ? "background-color: #$color;" : '';
|
||||
|
||||
if ( $background ) {
|
||||
$image = ' background-image: url("' . esc_url_raw( $background ) . '");';
|
||||
$image = ' background-image: url("' . sanitize_url( $background ) . '");';
|
||||
|
||||
// Background Position.
|
||||
$position_x = get_theme_mod( 'background_position_x', get_theme_support( 'custom-background', 'default-position-x' ) );
|
||||
|
@ -2146,7 +2146,7 @@ function get_editor_stylesheets() {
|
|||
// Support externally referenced styles (like, say, fonts).
|
||||
foreach ( $editor_styles as $key => $file ) {
|
||||
if ( preg_match( '~^(https?:)?//~', $file ) ) {
|
||||
$stylesheets[] = esc_url_raw( $file );
|
||||
$stylesheets[] = sanitize_url( $file );
|
||||
unset( $editor_styles[ $key ] );
|
||||
}
|
||||
}
|
||||
|
|
|
@ -430,7 +430,7 @@ function wp_update_plugins( $extra_stats = array() ) {
|
|||
continue;
|
||||
}
|
||||
|
||||
$hostname = wp_parse_url( esc_url_raw( $plugin_data['UpdateURI'] ), PHP_URL_HOST );
|
||||
$hostname = wp_parse_url( sanitize_url( $plugin_data['UpdateURI'] ), PHP_URL_HOST );
|
||||
|
||||
/**
|
||||
* Filters the update response for a given plugin hostname.
|
||||
|
|
|
@ -4158,8 +4158,8 @@ All at ###SITENAME###
|
|||
$content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
|
||||
$content = str_replace( '###USER_EMAIL###', $email_data['user_email'], $content );
|
||||
$content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
|
||||
$content = str_replace( '###MANAGE_URL###', esc_url_raw( $email_data['manage_url'] ), $content );
|
||||
$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
|
||||
$content = str_replace( '###MANAGE_URL###', sanitize_url( $email_data['manage_url'] ), $content );
|
||||
$content = str_replace( '###SITEURL###', sanitize_url( $email_data['siteurl'] ), $content );
|
||||
|
||||
$headers = '';
|
||||
|
||||
|
@ -4399,7 +4399,7 @@ All at ###SITENAME###
|
|||
|
||||
$content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
|
||||
$content = str_replace( '###PRIVACY_POLICY_URL###', $email_data['privacy_policy_url'], $content );
|
||||
$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
|
||||
$content = str_replace( '###SITEURL###', sanitize_url( $email_data['siteurl'] ), $content );
|
||||
|
||||
$headers = '';
|
||||
|
||||
|
@ -4720,10 +4720,10 @@ All at ###SITENAME###
|
|||
$content = apply_filters( 'user_request_action_email_content', $content, $email_data );
|
||||
|
||||
$content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
|
||||
$content = str_replace( '###CONFIRM_URL###', esc_url_raw( $email_data['confirm_url'] ), $content );
|
||||
$content = str_replace( '###CONFIRM_URL###', sanitize_url( $email_data['confirm_url'] ), $content );
|
||||
$content = str_replace( '###EMAIL###', $email_data['email'], $content );
|
||||
$content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
|
||||
$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
|
||||
$content = str_replace( '###SITEURL###', sanitize_url( $email_data['siteurl'] ), $content );
|
||||
|
||||
$headers = '';
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '6.1-alpha-53454';
|
||||
$wp_version = '6.1-alpha-53455';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|
|
@ -1767,7 +1767,7 @@ function wp_widget_rss_process( $widget_rss, $check_feed = true ) {
|
|||
if ( $items < 1 || 20 < $items ) {
|
||||
$items = 10;
|
||||
}
|
||||
$url = esc_url_raw( strip_tags( $widget_rss['url'] ) );
|
||||
$url = sanitize_url( strip_tags( $widget_rss['url'] ) );
|
||||
$title = isset( $widget_rss['title'] ) ? trim( strip_tags( $widget_rss['title'] ) ) : '';
|
||||
$show_summary = isset( $widget_rss['show_summary'] ) ? (int) $widget_rss['show_summary'] : 0;
|
||||
$show_author = isset( $widget_rss['show_author'] ) ? (int) $widget_rss['show_author'] : 0;
|
||||
|
|
|
@ -360,7 +360,7 @@ function login_footer( $input_id = '' ) {
|
|||
<?php } ?>
|
||||
|
||||
<?php if ( isset( $_GET['redirect_to'] ) && '' !== $_GET['redirect_to'] ) { ?>
|
||||
<input type="hidden" name="redirect_to" value="<?php echo esc_url_raw( $_GET['redirect_to'] ); ?>" />
|
||||
<input type="hidden" name="redirect_to" value="<?php echo sanitize_url( $_GET['redirect_to'] ); ?>" />
|
||||
<?php } ?>
|
||||
|
||||
<?php if ( isset( $_GET['action'] ) && '' !== $_GET['action'] ) { ?>
|
||||
|
|
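Review bot: The changed `redirect_to` hidden input echoes `sanitize_url( $_GET['redirect_to'] )` directly into an HTML attribute, yet the commit message itself describes `sanitize_url()` as the function for database or redirect usage and `esc_url()` as the display-context escaper; the hunk also lacks the `wp_unslash()` step that other request-derived call sites in this commit apply (`esc_attr( wp_unslash( $_POST['alt'] ) )` in media.php, `sanitize_url( wp_unslash( $_SERVER['REQUEST_URI'] ) )` in class-wp-customize-manager.php). I cannot tell from the hunk which characters `sanitize_url()` strips, so this may not be exploitable, but the value is emitted without the entity normalisation a display context gets. Suggested: `<input type="hidden" name="redirect_to" value="<?php echo esc_url( wp_unslash( $_GET['redirect_to'] ) ); ?>" />`. login_footer() starts outside the hunk.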