Ticket #16330: 16330.2.diff

wp-admin/includes/file.php

@@ -461 +461 @@
 
         $filename = wp_unique_filename( $uploads['path'], $file['name'], $unique_filename_callback );
 
-        // Strip the query strings.
-        $filename = str_replace('?','-', $filename);
-        $filename = str_replace('&','-', $filename);
-
         // Move the file to the uploads dir
         $new_file = $uploads['path'] . "/$filename";
         if ( false === @ rename( $file['tmp_name'], $new_file ) ) {

wp-admin/includes/media.php

@@ -588 +588 @@
                 // Set variables for storage
                 // fix file filename for query strings
                 preg_match('/[^\?]+\.(jpg|JPG|jpe|JPE|jpeg|JPEG|gif|GIF|png|PNG)/', $file, $matches);
-                $file_array['name'] = basename($matches[0]);
+                $file_array['name'] = urldecode( basename( $matches[0] ) );
                 $file_array['tmp_name'] = $tmp;
 
                 // If error storing temporarily, unlink

wp-includes/formatting.php

@@ -714 +714 @@
  */
 function sanitize_file_name( $filename ) {
         $filename_raw = $filename;
-        $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
+        $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", "%", "+", chr(0));
         $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
         $filename = str_replace($special_chars, '', $filename);
         $filename = preg_replace('/[\s-]+/', '-', $filename);