[wp-trac] [WordPress Trac] #56160: Deprecate wp_sanitize_redirect
WordPress Trac
noreply at wordpress.org
Sat Jul 9 15:45:35 UTC 2022
#56160: Deprecate wp_sanitize_redirect
-------------------------+------------------------------
Reporter: malthert | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 2.3
Severity: normal | Resolution:
Keywords: 2nd-opinion | Focuses:
-------------------------+------------------------------
Comment (by malthert):
WP core uses it only in 3 functions:
- wp_redirect
- wp_safe_redirect
- wp_validate_redirect
https://developer.wordpress.org/reference/functions/esc_url_raw/
states:
> The resulting URL is safe to use in database queries, **redirects** and
> HTTP requests.
So if esc_url_raw is safe to use **in** (= sanitize), then there is no
need for `wp_sanitize_redirect`, as esc_url_raw already does this.
If `esc_url_raw` is NOT safe for sanitizing data in redirects, this needs
to be updated in docs to highlight `wp_sanitize_redirect` has to be used.
Additionally, it's unclear what the difference between the use cases for
`sanitize_url` and `wp_sanitize_redirect` is?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56160#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform