Ticket #10249: 10249.3.patch

File 10249.3.patch, 2.0 KB (added by SergeyBiryukov, 3 years ago)
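--- a/wp-includes/class-wp.php
+++ b/wp-includes/class-wp.php
@@ -159,7 +159,7 @@
                         // front.  For path info requests, this leaves us with the requesting
                         // filename, if any.  For 404 requests, this leaves us with the
                         // requested permalink.
-                        $req_uri = str_replace($pathinfo, '', $req_uri);
+                        $req_uri = str_replace( $pathinfo, '', rawurldecode($req_uri) );
                         $req_uri = trim($req_uri, '/');
                         $req_uri = preg_replace("|^$home_path|", '', $req_uri);
                         $req_uri = trim($req_uri, '/');
@@ -199,7 +199,8 @@
                                                 $request_match = $req_uri . '/' . $request;
 
                                         if ( preg_match("#^$match#", $request_match, $matches) ||
-                                                preg_match("#^$match#", urldecode($request_match), $matches) ) {
+                                                preg_match("#^$match#", urldecode($request_match), $matches) ||
+                                                preg_match("#^$match#", strtolower( rawurlencode($request_match) ), $matches) ) {
 
                                                 if ( $wp_rewrite->use_verbose_page_rules && preg_match( '/pagename=\$([^&\[]+)\[([0-9]+)\]/', $query, $varmatch ) ) {
                                                         // this is a verbose page match, lets check to be sure about it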
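Review bot: With `rawurldecode($req_uri)` added at new line 162, the existing `urldecode($request_match)` alternative at new line 202 decodes the `$req_uri` part of `$request_match` (line 199) a second time, so a double-encoded sequence such as `%252F` reaches the rewrite match as `/`, and `urldecode()` also turns a literal `+` into a space. Decoding should happen once, at a single point, so that any check applied to the request path sees the same string the rewrite rules are matched against; if the `urldecode()` alternative is still needed for `$request`, it should be applied to that part only. The added `strtolower( rawurlencode($request_match) )` alternative at line 203 encodes `/` as `%2f` and lowercases the whole path, not just the hex digits. It can therefore presumably match only single-segment rules, and encoding each path segment separately would avoid that. Both hunks lie inside a function whose start and end are outside the view, so how `$request` and `$match` are built is not visible here.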
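--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -3156,7 +3156,9 @@
         $parts = array_map( 'sanitize_title', $parts );
 
         $in_string = "'". implode( "','", $parts ) . "'";
-        $pages = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name IN ({$in_string}) AND (post_type = %s OR post_type = 'attachment')", $post_type ), OBJECT_K );
+        $post_type_sql = $post_type;
+        $wpdb->escape_by_ref( $post_type_sql );
+        $pages = $wpdb->get_results( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name IN ($in_string) AND (post_type = '$post_type_sql' OR post_type = 'attachment')", OBJECT_K );
 
         $revparts = array_reverse( $parts );
 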
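Review bot: New line 3161 replaces `$wpdb->prepare()` with a fully string-built query, so nothing in the statement is parameterised any more. `$post_type` now depends on the manual `escape_by_ref()` call, and the `post_name` list in `$in_string` depends entirely on the filterable `sanitize_title` (line 3156) never emitting a quote. If the motive is that `%` in encoded slugs collides with `prepare()`'s placeholders (an inference; the hunk does not say), the placeholders can be generated instead: `$placeholders = implode( ',', array_fill( 0, count( $parts ), '%s' ) );`, then use `IN ($placeholders)` with `post_type = %s` and pass `array_merge( $parts, array( $post_type ) )` to `$wpdb->prepare()`. That keeps every value escaped by the database layer and stops a slug filter from being the only SQL defence. The enclosing function begins and ends outside the hunk, so the origin of `$parts` and `$post_type` cannot be confirmed from here.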