sanitize_url()

💡 云策文档标注

概述

sanitize_url() 函数用于清理 URL，适用于数据库存储或重定向场景。它本质上是调用 esc_url() 函数并指定 'db' 上下文，确保 URL 的安全性和有效性。

关键要点

函数接受两个参数：必需参数 $url（要清理的 URL）和可选参数 $protocols（可接受的协议数组，默认为 wp_allowed_protocols() 的返回值）。
返回值为经过 esc_url() 处理后的清理 URL，使用 'db' 上下文。
该函数在 WordPress 6.9.0 版本中新增了自动添加 https:// 前缀的功能（如果 URL 无协议且 $protocols 的第一个元素是 'https'）。
历史版本中，该函数曾被弃用（2.8.0 版本）并恢复（5.9.0 版本），开发者需注意兼容性。

代码示例

$new_input = sanitize_url( $input, array( 'http', 'https' ) );

📄 原文内容

Sanitizes a URL for database or redirect usage.

Description

Parameters

$urlstringrequired: The URL to be cleaned.
$protocolsstring[]optional: An array of acceptable protocols.
Defaults to return value of wp_allowed_protocols() .

Default:null

Return

string The cleaned URL after esc_url() is run with the 'db' context.

Source

function sanitize_url( $url, $protocols = null ) {
	return esc_url( $url, $protocols, 'db' );
}

View all references View on Trac View on GitHub

Uses	Description
esc_url()`wp-includes/formatting.php`	Checks and cleans a URL.

Used by	Description
WP_Theme_JSON_Resolver::get_resolved_theme_uris()`wp-includes/class-wp-theme-json-resolver.php`	Resolves relative paths in theme.json styles to theme absolute paths and returns them in an array that can be embedded as the value of `_link` object in REST API responses.
WP_REST_Font_Faces_Controller::sanitize_src()`wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php`	Sanitizes a single src value for a font face.
_wp_theme_json_webfonts_handler()`wp-includes/deprecated.php`	Runs the theme.json webfonts handler.
WP_REST_Menu_Items_Controller::get_item_schema()`wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php`	Retrieves the nav menu item’s schema, conforming to JSON Schema.
wp_default_packages_inline_scripts()`wp-includes/script-loader.php`	Adds inline scripts required for the WordPress JavaScript packages.
_wp_privacy_send_request_confirmation_notification()`wp-includes/user.php`	Notifies the site administrator via email when a request is confirmed.
_wp_privacy_send_erasure_fulfillment_notification()`wp-includes/user.php`	Notifies the user when their erasure request is fulfilled.
wp_send_user_request()`wp-includes/user.php`	Send a confirmation request email to confirm an action.
wp_privacy_send_personal_data_export_email()`wp-admin/includes/privacy-tools.php`	Send an email to the user with a link to the personal data export file
WP_Customize_Manager::_sanitize_external_header_video()`wp-includes/class-wp-customize-manager.php`	Callback for sanitizing the external_header_video value.
rest_sanitize_value_from_schema()`wp-includes/rest-api.php`	Sanitize a value based on a schema.
WP_Customize_Manager::_sanitize_background_setting()`wp-includes/class-wp-customize-manager.php`	Callback for validating a background setting value.
WP_Customize_Manager::_validate_external_header_video()`wp-includes/class-wp-customize-manager.php`	Callback for validating the external_header_video value.
get_header_video_url()`wp-includes/theme.php`	Retrieves header video URL for custom header.
rest_send_cors_headers()`wp-includes/rest-api.php`	Sends Cross-Origin Resource Sharing headers with API requests.
rest_output_link_header()`wp-includes/rest-api.php`	Sends a Link header for the REST API.
get_post_embed_url()`wp-includes/embed.php`	Retrieves the URL to embed a specific post in an iframe.
WP_Customize_Manager::set_return_url()`wp-includes/class-wp-customize-manager.php`	Sets URL to link the user to when closing the Customizer.
WP_Customize_Manager::customize_pane_settings()`wp-includes/class-wp-customize-manager.php`	Prints JavaScript settings for parent window.
WP_Customize_Manager::set_preview_url()`wp-includes/class-wp-customize-manager.php`	Sets the initial URL to be previewed.
WP_REST_Server::serve_request()`wp-includes/rest-api/class-wp-rest-server.php`	Handles serving a REST API request.
WP_Customize_Nav_Menu_Item_Setting::sanitize()`wp-includes/customize/class-wp-customize-nav-menu-item-setting.php`	Sanitize an input.
get_editor_stylesheets()`wp-includes/theme.php`	Retrieves any registered editor stylesheet URLs.
login_footer()`wp-login.php`	Outputs the footer for the login page.
wp_prepare_themes_for_js()`wp-admin/includes/theme.php`	Prepares themes for JavaScript.
export_wp()`wp-admin/includes/export.php`	Generates the WXR export file for download.
edit_user()`wp-admin/includes/user.php`	Edit user settings based on contents of $_POST
wp_media_upload_handler()`wp-admin/includes/media.php`	Handles the process of uploading media.
edit_post()`wp-admin/includes/post.php`	Updates an existing post with values provided in `$_POST`.
wp_ajax_send_link_to_editor()`wp-admin/includes/ajax-actions.php`	Handles sending a link to the editor via AJAX.
_wp_ajax_delete_comment_response()`wp-admin/includes/ajax-actions.php`	Sends back current comment total and new page links if they need to be updated.
Custom_Image_Header::set_header_image()`wp-admin/includes/class-custom-image-header.php`	Chooses a header image, selected from existing uploaded and default headers, or provides an array of uploaded header data (either new, or from media library).
Custom_Background::wp_set_background_image()`wp-admin/includes/class-custom-background.php`
Custom_Background::handle_upload()`wp-admin/includes/class-custom-background.php`	Handles an Image upload for the background image.
WP_Customize_Manager::customize_preview_settings()`wp-includes/class-wp-customize-manager.php`	Prints JavaScript settings for preview frame.
_custom_background_cb()`wp-includes/theme.php`	Default custom background callback.
get_header_image()`wp-includes/theme.php`	Retrieves header image for custom header.
get_uploaded_header_images()`wp-includes/theme.php`	Gets the header images uploaded for the active theme.
get_url_in_content()`wp-includes/formatting.php`	Extracts and returns the first URL from passed content.
sanitize_option()`wp-includes/formatting.php`	Sanitizes various option values based on the nature of the option.
esc_url_raw()`wp-includes/formatting.php`	Sanitizes a URL for database or redirect usage.
get_the_generator()`wp-includes/general-template.php`	Creates the generator XML or Comment for RSS, ATOM, etc.
WP_Theme::sanitize_header()`wp-includes/class-wp-theme.php`	Sanitizes a theme header.
wp_nonce_ays()`wp-includes/functions.php`	Displays “Are You Sure” message to confirm the action being taken.
wp_widget_rss_process()`wp-includes/widgets.php`	Processes RSS feed widget data and optionally retrieve feed items.
get_pagenum_link()`wp-includes/link-template.php`	Retrieves the link for a page number.
wp_update_plugins()`wp-includes/update.php`	Checks for available updates to plugins based on the latest versions hosted on WordPress.org.
wp_update_themes()`wp-includes/update.php`	Checks for available updates to themes based on the latest versions hosted on WordPress.org.
get_blogaddress_by_domain()`wp-includes/ms-deprecated.php`	Get a full site URL, given a domain and a path.
wp_update_nav_menu_item()`wp-includes/nav-menu.php`	Saves the properties of a menu item or create a new one.
wp_default_scripts()`wp-includes/script-loader.php`	Registers all WordPress scripts.

Show 46 more Show less

Changelog

Version	Description
6.9.0	Prepends `https://` to the URL if it does not already contain a scheme and the first item in `$protocols` is `'https'`.
5.9.0	Restored (un-deprecated).
2.8.0	Deprecated in favor of esc_url_raw() .
2.3.1	Introduced.

User Contributed Notes

Skip to note 2 content

Rafa Carvalhido

3 years ago

You must log in to vote on the helpfulness of this noteVote results for this note: 2You must log in to vote on the helpfulness of this note
Example of use:
```
$new_input = sanitize_url( $input, array( 'http', 'https' ) );
```
Log in to add feedback

云策 WordPress 开发者社区

函数文档