General: Restore (un-deprecate) the sanitize_url() function.

A general security rule is "Sanitize when you save, escape when you echo", and for the most part WordPress has well-named functions like `sanitize_email()` and others, with `esc_url_raw()` being a single exception that does not follow the naming. This commit restores the previously deprecated `sanitize_url()` function as a valid alias of `esc_url_raw()`. This better aligns with the naming with other `sanitize_*()` functions: * `sanitize_bookmark()` * `sanitize_bookmark_field()` * `sanitize_category()` * `sanitize_category_field()` * `sanitize_comment_cookies()` * `sanitize_email()` * `sanitize_file_name()` * `sanitize_hex_color()` * `sanitize_hex_color_no_hash()` * `sanitize_html_class()` * `sanitize_key()` * `sanitize_meta()` * `sanitize_mime_type()` * `sanitize_option()` * `sanitize_post()` * `sanitize_post_field()` * `sanitize_sql_orderby()` * `sanitize_term()` * `sanitize_term_field()` * `sanitize_text_field()` * `sanitize_textarea_field()` * `sanitize_title()` * `sanitize_title_for_query()` * `sanitize_title_with_dashes()` * `sanitize_trackback_urls()` * `sanitize_user()` * `sanitize_user_field()` Follow-up to [11383], [13096]. Props Ipstenu, aadilali. Fixes #53876. Built from https://develop.svn.wordpress.org/trunk@51597 git-svn-id: http://core.svn.wordpress.org/trunk@51208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-12-22 17:18:32 +01:00 · 2021-08-10 19:44:59 +00:00 · 2021-08-10 19:44:59 +00:00 · d8413a32e1
commit d8413a32e1
parent 78e8a3db65
3 changed files with 22 additions and 18 deletions
--- a/wp-includes/deprecated.php
+++ b/wp-includes/deprecated.php
@ -2023,22 +2023,6 @@ function get_link( $bookmark_id, $output = OBJECT, $filter = 'raw' ) {
 	return get_bookmark($bookmark_id, $output, $filter);
 }

-/**
- * Performs esc_url() for database or redirect usage.
- *
- * @since 2.3.1
- * @deprecated 2.8.0 Use esc_url_raw()
- * @see esc_url_raw()
- *
- * @param string $url The URL to be cleaned.
- * @param array $protocols An array of acceptable protocols.
- * @return string The cleaned URL.
- */
-function sanitize_url( $url, $protocols = null ) {
-	_deprecated_function( __FUNCTION__, '2.8.0', 'esc_url_raw()' );
-	return esc_url_raw( $url, $protocols );
-}
-
 /**
 * Checks and cleans a URL.
 *
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@ -4404,7 +4404,7 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
 }

 /**
- * Performs esc_url() for database usage.
+ * Performs esc_url() for database or redirect usage.
 *
 * @since 2.8.0
 *
@ -4419,6 +4419,26 @@ function esc_url_raw( $url, $protocols = null ) {
 	return esc_url( $url, $protocols, 'db' );
 }

+/**
+ * Performs esc_url() for database or redirect usage.
+ *
+ * This function is an alias for esc_url_raw().
+ *
+ * @since 2.3.1
+ * @since 2.8.0 Deprecated in favor of esc_url_raw().
+ * @since 5.9.0 Restored (un-deprecated).
+ *
+ * @see esc_url_raw()
+ *
+ * @param string   $url       The URL to be cleaned.
+ * @param string[] $protocols Optional. An array of acceptable protocols.
+ *                            Defaults to return value of wp_allowed_protocols().
+ * @return string The cleaned URL after esc_url() is run with the 'db' context.
+ */
+function sanitize_url( $url, $protocols = null ) {
+	return esc_url_raw( $url, $protocols );
+}
+
 /**
 * Convert entities, while preserving already-encoded entities.
 *
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.9-alpha-51595';
+$wp_version = '5.9-alpha-51597';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.