WordPress 5.9.0 Restored `sanitize_url()` as a Proper Method for Sanitizing URLs

[timnolte]

Bug Description

When using the sanitize_url it is not recognized as being a proper sanitization method, and recommends esc_url_raw().

Minimal Code Snippet

$postid = ! empty( sanitize_url( $_SERVER['REQUEST_URI'] ) ) ? url_to_postid( sanitize_url( $_SERVER['REQUEST_URI'] ) ) : $context['post']->ID;

The issue happens when running this command:

phpcs ...

... over a file containing this code:

$postid = ! empty( sanitize_url( $_SERVER['REQUEST_URI'] ) ) ? url_to_postid( sanitize_url( $_SERVER['REQUEST_URI'] ) ) : $context['post']->ID;

Error Code

Environment

Question	Answer
PHP version	8.0.24
PHP_CodeSniffer version	3.7.1
WPCS version	2.3.0
WPCS install type	Composer project local
IDE (if relevant)	Neovim

Additional Context (optional)

https://developer.wordpress.org/reference/functions/sanitize_url/#changelog

Tested Against develop branch?

• I have verified the issue still exists in the develop branch of WPCS.

[Ipstenu]

This is addressed in #2031

[timnolte]

This issue is not resolve. I am running the latest release 2.3.0 and I'm stilling receiving an error:

 265 | ERROR | sanitize_url() has been deprecated since WordPress
     |       | (WordPress.WP.DeprecatedFunctions.sanitize_urlFound)

[timnolte]

Looks like this is only in the develop release. When are we going to get an official release published so that I can be using something stable?

[jrfnl]

@timnolte When it's ready...

[timnolte]

@jrfnl is there a list of what's outstanding and/or slated to be completed for the next release?

[jrfnl]

@timnolte Ticket #1877 contains the roadmap. A lots of the action items in the roadmap are 90% finished by now, just needs a final push, but as the bulk of the work is coming down to me, it will have to wait until I'm back from my break (which was long overdue).

[jrchamp]

#2031 and the associated PR #2121 only removed the deprecation warning. sanitize_url is not in the list of sanitizing functions in develop:

WordPress-Coding-Standards/WordPress/Sniff.php

Lines 197 to 200 in f4d4ff5

	'sanitize_title' => true,
	'sanitize_user_field' => true,
	'sanitize_user' => true,
	'validate_file' => true,

[jrfnl]

@jrchamp Good point - the sniffs using that array still need to be reviewed anyway, so I'll pick that up when I do that.