From b5789d72c3466ddc1cf681239fd079e68eeb82bb Mon Sep 17 00:00:00 2001
From: costdev
Date: Wed, 30 Aug 2023 20:25:18 +0000
Subject: [PATCH] General: Replace two `esc_url_raw()` calls in core with
`sanitize_url()`.
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.
This replaces the two remaining instances of `esc_url_raw()` with `sanitize_url()` in WordPress core.
Follow-up to [53455], [53933], [54522].
Props rajinsharwar, SergeyBiryukov.
Fixes #59247.
Built from https://develop.svn.wordpress.org/trunk@56494
git-svn-id: http://core.svn.wordpress.org/trunk@56006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
wp-includes/functions.php | 2 +-
wp-includes/update.php | 2 +-
wp-includes/version.php | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index d2304f4d55..be03264455 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -3613,7 +3613,7 @@ function wp_nonce_ays( $action ) {
if ( wp_get_referer() ) {
$wp_http_referer = remove_query_arg( 'updated', wp_get_referer() );
- $wp_http_referer = wp_validate_redirect( esc_url_raw( $wp_http_referer ) );
+ $wp_http_referer = wp_validate_redirect( sanitize_url( $wp_http_referer ) );
$html .= '
';
$html .= sprintf(
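Review bot: Nothing at the changed line in wp_nonce_ays() records that `sanitize_url()` is not HTML escaping, yet the value it produces feeds the markup built by the `sprintf()` that opens at the end of this hunk. The referer is request-supplied, so I would add a comment above the assignment such as `// sanitize_url() prepares the URL for redirect/DB use only; escape with esc_url() where it is printed.` The sprintf() arguments lie outside the hunk, so whether they already escape the value has to be confirmed there. wp_validate_redirect() can also return its fallback value (an empty string by default) when the host is rejected, and no check for that case is visible in these lines.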
diff --git a/wp-includes/update.php b/wp-includes/update.php
index 7c4e31feef..c5349832ac 100644
--- a/wp-includes/update.php
+++ b/wp-includes/update.php
@@ -754,7 +754,7 @@ function wp_update_themes( $extra_stats = array() ) {
continue;
}
- $hostname = wp_parse_url( esc_url_raw( $theme_data['UpdateURI'] ), PHP_URL_HOST );
+ $hostname = wp_parse_url( sanitize_url( $theme_data['UpdateURI'] ), PHP_URL_HOST );
/**
* Filters the update response for a given theme hostname.
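Review bot: `$hostname` is not checked after the changed line in wp_update_themes(): `wp_parse_url( ..., PHP_URL_HOST )` yields null or false when the sanitized `UpdateURI` has no usable host, and `sanitize_url()` returns an empty string for URLs it rejects. The docblock that follows describes a filter selected per hostname, so an empty value would presumably dispatch to a hook with no host in its name; the filter call itself is outside the hunk and should be checked there. Since the value is read from `$theme_data`, a guard such as `if ( ! is_string( $hostname ) || '' === $hostname ) { continue; }` right after the assignment would keep unparseable update sources out of the update path.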
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 460549500d..9fd2f229e0 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
*
* @global string $wp_version
*/
-$wp_version = '6.4-alpha-56493';
+$wp_version = '6.4-alpha-56494';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.