diff options
| author | Sergey Biryukov <sergeybiryukov@git.wordpress.org> | 2022-06-01 18:12:25 +0000 |
|---|---|---|
| committer | Sergey Biryukov <sergeybiryukov@git.wordpress.org> | 2022-06-01 18:12:25 +0000 |
| commit | b316c8b25fc71920d89ee37ee26609a77b2a305a (patch) | |
| tree | d789ae4ba6535f06efa6b3bee252e17d0173cc98 /src/wp-admin/includes/class-custom-image-header.php | |
| parent | c59af567e55de40b6f2f0a85aef73aff3944cca9 (diff) | |
| download | wordpress-b316c8b25fc71920d89ee37ee26609a77b2a305a.tar.gz wordpress-b316c8b25fc71920d89ee37ee26609a77b2a305a.zip | |
General: Replace all `esc_url_raw()` calls in core with `sanitize_url()`.
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.
Follow-up to [11383], [13096], [51597], [53452].
Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.
git-svn-id: https://develop.svn.wordpress.org/trunk@53455 602fd350-edb4-49c9-b593-d223f7449a82
Diffstat (limited to 'src/wp-admin/includes/class-custom-image-header.php')
| -rw-r--r-- | src/wp-admin/includes/class-custom-image-header.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/wp-admin/includes/class-custom-image-header.php b/src/wp-admin/includes/class-custom-image-header.php index c5efc071e1..ffad8879bb 100644 --- a/src/wp-admin/includes/class-custom-image-header.php +++ b/src/wp-admin/includes/class-custom-image-header.php @@ -1159,7 +1159,7 @@ endif; return; } - $choice['url'] = esc_url_raw( $choice['url'] ); + $choice['url'] = sanitize_url( $choice['url'] ); $header_image_data = (object) array( 'attachment_id' => $choice['attachment_id'], @@ -1197,7 +1197,7 @@ endif; } } - set_theme_mod( 'header_image', esc_url_raw( $header_image_data['url'] ) ); + set_theme_mod( 'header_image', sanitize_url( $header_image_data['url'] ) ); set_theme_mod( 'header_image_data', $header_image_data ); } |