Ticket #10823: 10823.5.diff

wp-includes/formatting.php

@@ -1814 +1814 @@
         $username = remove_accents( $username );
         // Kill octets
         $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
-        $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
+        $username = preg_replace( '/&#?\w+;/', '', $username ); // Kill entities
 
         // If strict, reduce to ASCII for max portability.
-        if ( $strict )
+        if ( $strict ) {
                 $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
+  }
 
-        $username = trim( $username );
+        $username = trim( $username
         // Consolidate contiguous whitespace
         $username = preg_replace( '|\s+|', ' ', $username );
 
@@ -1927 +1928 @@
  * @return string The sanitized title.
  */
 function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'display' ) {
-        $title = strip_tags($title);
+        $title = strip_tags( $title );
         // Preserve escaped octets.
-        $title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title);
+        $title = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title );
         // Remove percent signs that are not part of an octet.
-        $title = str_replace('%', '', $title);
+        $title = str_replace( '%', '', $title);
         // Restore octets.
-        $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
+        $title = preg_replace( '|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title );
 
-        if (seems_utf8($title)) {
-                if (function_exists('mb_strtolower')) {
-                        $title = mb_strtolower($title, 'UTF-8');
+        if ( seems_utf8( $title ) ) {
+                if ( function_exists( 'mb_strtolower' ) ) {
+                        $title = mb_strtolower( $title, 'UTF-8' );
                 }
-                $title = utf8_uri_encode($title, 200);
+                $title = utf8_uri_encode( $title, 200 );
         }
 
-        $title = strtolower($title);
+        $title = strtolower( $title );
 
         if ( 'save' == $context ) {
                 // Convert nbsp, ndash and mdash to hyphens
@@ -1971 +1972 @@
                 $title = str_replace( '%c3%97', 'x', $title );
         }
 
-        $title = preg_replace('/&.+?;/', '', $title); // kill entities
-        $title = str_replace('.', '-', $title);
+        $title = preg_replace( '/&#?\w+;/', '', $title ); // kill entities
+        $title = str_replace( '.', '-', $title );
 
         $title = preg_replace('/[^%a-z0-9 _-]/', '', $title);
         $title = preg_replace('/\s+/', '-', $title);