WordPress.org

Make WordPress Core

Ticket #10823: 10823.4.diff

File 10823.4.diff, 2.1 KB (added by MikeHansenMe, 5 years ago)

Refreshed

  • src/wp-includes/formatting.php

     
    11451145        $username = remove_accents( $username );
    11461146        // Kill octets
    11471147        $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
    1148         $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
     1148        $username = preg_replace( '/&#?\w+;/', '', $username ); // Kill entities
    11491149
    11501150        // If strict, reduce to ASCII for max portability.
    1151         if ( $strict )
     1151        if ( $strict ) {
    11521152                $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
     1153        }
    11531154
    11541155        $username = trim( $username );
    11551156        // Consolidate contiguous whitespace
     
    12581259 * @return string The sanitized title.
    12591260 */
    12601261function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'display' ) {
    1261         $title = strip_tags($title);
     1262        $title = strip_tags( $title );
    12621263        // Preserve escaped octets.
    1263         $title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title);
     1264        $title = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title );
    12641265        // Remove percent signs that are not part of an octet.
    1265         $title = str_replace('%', '', $title);
     1266        $title = str_replace( '%', '', $title);
    12661267        // Restore octets.
    1267         $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
     1268        $title = preg_replace( '|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title );
    12681269
    1269         if (seems_utf8($title)) {
    1270                 if (function_exists('mb_strtolower')) {
    1271                         $title = mb_strtolower($title, 'UTF-8');
     1270        if ( seems_utf8( $title ) ) {
     1271                if ( function_exists( 'mb_strtolower' ) ) {
     1272                        $title = mb_strtolower( $title, 'UTF-8' );
    12721273                }
    1273                 $title = utf8_uri_encode($title, 200);
     1274                $title = utf8_uri_encode( $title, 200 );
    12741275        }
    12751276
    1276         $title = strtolower($title);
    1277         $title = preg_replace('/&.+?;/', '', $title); // kill entities
    1278         $title = str_replace('.', '-', $title);
     1277        $title = strtolower( $title );
     1278        $title = preg_replace( '/&#?\w+;/', '', $title ); // kill entities
     1279        $title = str_replace( '.', '-', $title );
    12791280
    12801281        if ( 'save' == $context ) {
    12811282                // Convert nbsp, ndash and mdash to hyphens