IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

General: Restore (un-deprecate) the sanitize_url() function.

Browse Source 
A general security rule is "Sanitize when you save, escape when you echo", and for the most part WordPress has well-named functions like `sanitize_email()` and others, with `esc_url_raw()` being a single exception that does not follow the naming.

This commit restores the previously deprecated `sanitize_url()` function as a valid alias of `esc_url_raw()`.

This better aligns with the naming with other `sanitize_*()` functions:

* `sanitize_bookmark()`
* `sanitize_bookmark_field()`
* `sanitize_category()`
* `sanitize_category_field()`
* `sanitize_comment_cookies()`
* `sanitize_email()`
* `sanitize_file_name()`
* `sanitize_hex_color()`
* `sanitize_hex_color_no_hash()`
* `sanitize_html_class()`
* `sanitize_key()`
* `sanitize_meta()`
* `sanitize_mime_type()`
* `sanitize_option()`
* `sanitize_post()`
* `sanitize_post_field()`
* `sanitize_sql_orderby()`
* `sanitize_term()`
* `sanitize_term_field()`
* `sanitize_text_field()`
* `sanitize_textarea_field()`
* `sanitize_title()`
* `sanitize_title_for_query()`
* `sanitize_title_with_dashes()`
* `sanitize_trackback_urls()`
* `sanitize_user()`
* `sanitize_user_field()`

Follow-up to [11383], [13096].

Props Ipstenu, aadilali.
Fixes #53876.
Built from https://develop.svn.wordpress.org/trunk@51597


git-svn-id: http://core.svn.wordpress.org/trunk@51208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov
2021-08-10 19:44:59 +00:00
parent 78e8a3db65
commit d8413a32e1
3 changed files with 22 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
wp-includes/formatting.php
View File

@@ -4404,7 +4404,7 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
}
/**
* Performs esc_url() for database usage.
* Performs esc_url() for database or redirect usage.
*
* @since 2.8.0
*
@@ -4419,6 +4419,26 @@ function esc_url_raw( $url, $protocols = null ) {
return esc_url( $url, $protocols, 'db' );
}
/**
* Performs esc_url() for database or redirect usage.
*
* This function is an alias for esc_url_raw().
*
* @since 2.3.1
* @since 2.8.0 Deprecated in favor of esc_url_raw().
* @since 5.9.0 Restored (un-deprecated).
*
* @see esc_url_raw()
*
* @param string $url The URL to be cleaned.
* @param string[] $protocols Optional. An array of acceptable protocols.
* Defaults to return value of wp_allowed_protocols().
* @return string The cleaned URL after esc_url() is run with the 'db' context.
*/
function sanitize_url( $url, $protocols = null ) {
return esc_url_raw( $url, $protocols );
}
/**
* Convert entities, while preserving already-encoded entities.
*