[wp-trac] [WordPress Trac] #53876: "Un" Deprecate sanitize_url()
WordPress Trac
noreply at wordpress.org
Wed Aug 4 20:51:42 UTC 2021
#53876: "Un" Deprecate sanitize_url()
------------------------------+-----------------------------
Reporter: Ipstenu | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: coding-standards |
------------------------------+-----------------------------
This has been an increasing headache with plugin developers. As we've
started cracking down on lack of sanitization and escaping in plugins
(looking for the more rare cases), we've run into a situation where
developers are justifiably confused and frustrated.
The general rule for people is "Sanitize when you save, escape when you
echo" and for the most part WordPress has well-named functions like
`sanitize_email` and so on.
Except for esc_url_raw()
If you go to
https://developer.wordpress.org/reference/functions/sanitize_url/ it tells
you it’s been deprecated, so when we see it, we have to tell people to
stop using it, but logically it’s maddening.
I brought this up in devchat, but it seems like 'un' deprecating, and
making sanitize_url() a valid alias, would make things a lot less murky
for developers who are trying to do the right thing.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53876>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list