WordPress.org

Make WordPress Core

Ticket #10823: 10823.5.diff

File 10823.5.diff, 2.4 KB (added by lukecavanagh, 4 years ago)

Patch Refreshed

  • wp-includes/formatting.php

     
    18141814        $username = remove_accents( $username );
    18151815        // Kill octets
    18161816        $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
    1817         $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
     1817        $username = preg_replace( '/&#?\w+;/', '', $username ); // Kill entities
    18181818
    18191819        // If strict, reduce to ASCII for max portability.
    1820         if ( $strict )
     1820        if ( $strict ) {
    18211821                $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
     1822  }
    18221823
    1823         $username = trim( $username );
     1824        $username = trim( $username
    18241825        // Consolidate contiguous whitespace
    18251826        $username = preg_replace( '|\s+|', ' ', $username );
    18261827
     
    19271928 * @return string The sanitized title.
    19281929 */
    19291930function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'display' ) {
    1930         $title = strip_tags($title);
     1931        $title = strip_tags( $title );
    19311932        // Preserve escaped octets.
    1932         $title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title);
     1933        $title = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title );
    19331934        // Remove percent signs that are not part of an octet.
    1934         $title = str_replace('%', '', $title);
     1935        $title = str_replace( '%', '', $title);
    19351936        // Restore octets.
    1936         $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
     1937        $title = preg_replace( '|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title );
    19371938
    1938         if (seems_utf8($title)) {
    1939                 if (function_exists('mb_strtolower')) {
    1940                         $title = mb_strtolower($title, 'UTF-8');
     1939        if ( seems_utf8( $title ) ) {
     1940                if ( function_exists( 'mb_strtolower' ) ) {
     1941                        $title = mb_strtolower( $title, 'UTF-8' );
    19411942                }
    1942                 $title = utf8_uri_encode($title, 200);
     1943                $title = utf8_uri_encode( $title, 200 );
    19431944        }
    19441945
    1945         $title = strtolower($title);
     1946        $title = strtolower( $title );
    19461947
    19471948        if ( 'save' == $context ) {
    19481949                // Convert nbsp, ndash and mdash to hyphens
     
    19711972                $title = str_replace( '%c3%97', 'x', $title );
    19721973        }
    19731974
    1974         $title = preg_replace('/&.+?;/', '', $title); // kill entities
    1975         $title = str_replace('.', '-', $title);
     1975        $title = preg_replace( '/&#?\w+;/', '', $title ); // kill entities
     1976        $title = str_replace( '.', '-', $title );
    19761977
    19771978        $title = preg_replace('/[^%a-z0-9 _-]/', '', $title);
    19781979        $title = preg_replace('/\s+/', '-', $title);