Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WordPress 5.9.0 Restored sanitize_url() as a Proper Method for Sanitizing URLs #2189

Closed
1 task done
timnolte opened this issue Jan 9, 2023 · 8 comments
Closed
1 task done

WordPress 5.9.0 Restored sanitize_url() as a Proper Method for Sanitizing URLs #2189

timnolte opened this issue Jan 9, 2023 · 8 comments
Milestone
3.0.0

Comments

@timnolte
Copy link

timnolte commented Jan 9, 2023
edited
Loading

Bug Description

When using the sanitize_url it is not recognized as being a proper sanitization method, and recommends esc_url_raw().

Minimal Code Snippet

$postid = ! empty( sanitize_url( $_SERVER['REQUEST_URI'] ) ) ? url_to_postid( sanitize_url( $_SERVER['REQUEST_URI'] ) ) : $context['post']->ID;

The issue happens when running this command:

phpcs ...

... over a file containing this code:

$postid = ! empty( sanitize_url( $_SERVER['REQUEST_URI'] ) ) ? url_to_postid( sanitize_url( $_SERVER['REQUEST_URI'] ) ) : $context['post']->ID;

Error Code

Environment

Question Answer
PHP version 8.0.24
PHP_CodeSniffer version 3.7.1
WPCS version 2.3.0
WPCS install type Composer project local
IDE (if relevant) Neovim

Additional Context (optional)

https://developer.wordpress.org/reference/functions/sanitize_url/#changelog

Tested Against develop branch?

  • I have verified the issue still exists in the develop branch of WPCS.
@Ipstenu
Copy link
Contributor

Ipstenu commented Jan 9, 2023

This is addressed in #2031

@dingo-d dingo-d closed this as completed Jan 9, 2023
@timnolte
Copy link
Author

This issue is not resolve. I am running the latest release 2.3.0 and I'm stilling receiving an error:

 265 | ERROR | sanitize_url() has been deprecated since WordPress
     |       | (WordPress.WP.DeprecatedFunctions.sanitize_urlFound)

@timnolte
Copy link
Author

Looks like this is only in the develop release. When are we going to get an official release published so that I can be using something stable?

@jrfnl jrfnl added this to the 3.0.0 milestone Jan 23, 2023
@jrfnl
Copy link
Member

jrfnl commented Jan 23, 2023

@timnolte When it's ready...

@timnolte
Copy link
Author

@jrfnl is there a list of what's outstanding and/or slated to be completed for the next release?

@jrfnl
Copy link
Member

jrfnl commented Jan 23, 2023

@timnolte Ticket #1877 contains the roadmap. A lots of the action items in the roadmap are 90% finished by now, just needs a final push, but as the bulk of the work is coming down to me, it will have to wait until I'm back from my break (which was long overdue).

@jrchamp
Copy link

jrchamp commented Mar 22, 2023

#2031 and the associated PR #2121 only removed the deprecation warning. sanitize_url is not in the list of sanitizing functions in develop:

WordPress-Coding-Standards/WordPress/Sniff.php

Lines 197 to 200 in f4d4ff5

'sanitize_title' => true,
'sanitize_user_field' => true,
'sanitize_user' => true,
'validate_file' => true,

@jrfnl
Copy link
Member

jrfnl commented Mar 23, 2023

@jrchamp Good point - the sniffs using that array still need to be reviewed anyway, so I'll pick that up when I do that.

@jrfnl jrfnl mentioned this issue Jul 27, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.0.0
Development

No branches or pull requests
5 participants
@jrchamp @jrfnl @Ipstenu @timnolte @dingo-d