[wp-trac] [WordPress Trac] #56160: Deprecate wp_sanitize_redirect

WordPress Trac noreply at wordpress.org
Sat Jul 9 15:45:35 UTC 2022

#56160: Deprecate wp_sanitize_redirect
 Reporter:  malthert     |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Security     |     Version:  2.3
 Severity:  normal       |  Resolution:
 Keywords:  2nd-opinion  |     Focuses:

Comment (by malthert):

 WP core uses it only in 3 functions:
 - wp_redirect
 - wp_safe_redirect
 - wp_validate_redirect

 >The resulting URL is safe to use in database queries, **redirects** and
 HTTP requests.

 So if esc_url_raw is safe to use **in** (= sanitize), then there is no
 need for `wp_sanitize_redirect`, as esc_url_raw already does this.
 If `esc_url_raw` is NOT safe for sanitizing data in redirects, this needs
 to be updated in docs to highlight `wp_sanitize_redirect` has to be used.

 Additionally, it's unclear what the difference between the use cases for
 `sanitize_url` and `wp_sanitize_redirect` are?

Ticket URL: <https://core.trac.wordpress.org/ticket/56160#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list