[wp-trac] [WordPress Trac] #56160: Deprecate wp_sanitize_redirect
WordPress Trac
noreply at wordpress.org
Wed Jul 6 15:12:13 UTC 2022
#56160: Deprecate wp_sanitize_redirect
-------------------------+------------------------------
Reporter: malthert | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 2.3
Severity: normal | Resolution:
Keywords: 2nd-opinion | Focuses:
-------------------------+------------------------------
Changes (by costdev):
* keywords: => 2nd-opinion
* version: trunk => 2.3
Comment:
Hi @malthert, thanks for opening this ticket. I've left a few thoughts
below.
-----
[53455] changed `esc_url_raw()` calls to `sanitize_url()` as this is now
the recommended function for sanitizing a URL as of WordPress 6.1.
-----
> All places that currently use it are better served with esc_url_raw and
> there seems to be no correct usage of it anywhere (most plugins use it
> where esc_url_raw should be used instead).
For discussion, posterity, and for making committers' lives easier should
this get support, could you provide your thoughts on why `esc_url_raw()`
serves some of these usages better, or where it's more appropriate than
`wp_sanitize_redirect()`?
-----
An impact analysis is an important part of any deprecation. I'll kick it
off with some numbers:
- There are [https://wpdirectory.net/search/01G7A010J1RJNHRWGCFZGY7R2D 309
plugin results] for `sanitize_url_redirect\(`.
- There are [https://wpdirectory.net/search/01G7A03793ZHAF11HJ743ZMA1F 0
theme results] for `sanitize_url_redirect\(`.
- There are [https://github.com/search?q=wp_sanitize_redirect&type=code
99k+ results in GitHub], but 10 pages in, it seemed to be entirely within
PHPUnit tests. I'll admit that I stopped looking after page 10.
-----
I've added the `2nd-opinion` keyword to draw attention to this ticket.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56160#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform