Index: wp-includes/formatting.php =================================================================== --- wp-includes/formatting.php (revision 17488) +++ wp-includes/formatting.php (working copy) @@ -734,6 +734,53 @@ } /** + * Remove dot segments from a path + * + * @aince 3.2 + * + * @param string $input The string to remove dot segments from + * @return string + */ +function remove_dot_segments( $input ) { + $output = ''; + while ( false !== strpos( $input, './' ) || false !== strpos( $input, '/.' ) || '.' === $input || '..' === $input ) { + // A: If the input buffer begins with a prefix of "../" or "./", then remove that prefix from the input buffer; otherwise, + if ( 0 === strpos( $input, '../' ) ) { + $input = substr( $input, 3 ); + } elseif ( 0 === strpos( $input, './' ) ) { + $input = substr( $input, 2 ); + } + // B: if the input buffer begins with a prefix of "/./" or "/.", where "." is a complete path segment, then replace that prefix with "/" in the input buffer; otherwise, + elseif ( 0 === strpos( $input, '/./' ) ) { + $input = substr_replace( $input, '/', 0, 3 ); + } elseif ( '/.' === $input ) { + $input = '/'; + } + // C: if the input buffer begins with a prefix of "/../" or "/..", where ".." is a complete path segment, then replace that prefix with "/" in the input buffer and remove the last segment and its preceding "/" (if any) from the output buffer; otherwise, + elseif ( 0 === strpos( $input, '/../' ) ) { + $input = substr_replace( $input, '/', 0, 4 ); + $output = substr_replace( $output, '', strrpos( $output, '/' ) ); + } elseif ( '/..' === $input ) { + $input = '/'; + $output = substr_replace( $output, '', strrpos( $output, '/' ) ); + } + // D: if the input buffer consists only of "." or "..", then remove that from the input buffer; otherwise, + elseif ( '.' === $input || '..' === $input ) { + $input = ''; + } + // E: move the first path segment in the input buffer to the end of the output buffer, including the initial "/" character (if any) and any subsequent characters up to, but not including, the next "/" character or the end of the input buffer + elseif ( false !== ( $pos = strpos( $input, '/', 1 ) ) ) { + $output .= substr( $input, 0, $pos ); + $input = substr_replace( $input, '', 0, $pos ); + } else { + $output .= $input; + $input = ''; + } + } + return $output . $input; +} + +/** * Sanitize username stripping out unsafe characters. * * Removes tags, octets, entities, and if strict is enabled, will only keep Index: wp-includes/general-template.php =================================================================== --- wp-includes/general-template.php (revision 17488) +++ wp-includes/general-template.php (working copy) @@ -116,16 +116,34 @@ * @param string $slug The slug name for the generic template. * @param string $name The name of the specialised template. */ -function get_template_part( $slug, $name = null ) { - do_action( "get_template_part_{$slug}", $slug, $name ); +function get_template_part( $slug, $name = null, $directory = null ) { + if ( false !== strpos( $slug, DIRECTORY_SEPARATOR ) ) { + $original_slug = $slug; + $slug = substr( strrchr( $slug, DIRECTORY_SEPARATOR ), 1 ); + if ( empty( $directory ) ) { + $directory = substr( $original_slug, 0, strrpos( $original_slug, DIRECTORY_SEPARATOR ) ); + } + } + $slug = sanitize_file_name( $slug ); + $directory = rtrim( remove_dot_segments( $directory ), DIRECTORY_SEPARATOR ); + + do_action( "get_template_part_{$slug}", $slug, $name, $directory ); + $templates = array(); + if ( ! empty( $directory ) ) { + if ( isset($name) ) + $templates[] = $directory . DIRECTORY_SEPARATOR . "{$slug}-{$name}.php"; + + $templates[] = $directory . DIRECTORY_SEPARATOR . "{$slug}.php"; + } + if ( isset($name) ) $templates[] = "{$slug}-{$name}.php"; $templates[] = "{$slug}.php"; - locate_template($templates, true, false); + locate_template( $templates, true, false ); } /**