WordPress.org

Make WordPress Core

Ticket #15086: 15086.005.diff

File 15086.005.diff, 3.9 KB (added by aaroncampbell, 7 years ago)
  • wp-includes/formatting.php

     
    722722        return apply_filters('sanitize_file_name', $filename, $filename_raw);
    723723}
    724724
     725 /**
     726 * Remove dot segments from a path
     727 *
     728 * @since 3.3.0
     729 *
     730 * @param string $input The string to remove dot segments from
     731 * @return string
     732 */
     733function remove_dot_segments( $input ) {
     734        $output = '';
     735        while ( false !== strpos( $input, './' ) || false !== strpos( $input, '/.' ) || '.' === $input || '..' === $input ) {
     736                // A: If the input buffer begins with a prefix of "../" or "./", then remove that prefix from the input buffer; otherwise,
     737                if ( 0 === strpos( $input, '../' ) ) {
     738                        $input = substr( $input, 3 );
     739                } elseif ( 0 === strpos( $input, './' ) ) {
     740                        $input = substr( $input, 2 );
     741                }
     742                // B: if the input buffer begins with a prefix of "/./" or "/.", where "." is a complete path segment, then replace that prefix with "/" in the input buffer; otherwise,
     743                elseif ( 0 === strpos( $input, '/./' ) ) {
     744                        $input = substr_replace( $input, '/', 0, 3 );
     745                } elseif ( '/.' === $input ) {
     746                        $input = '/';
     747                }
     748                // C: if the input buffer begins with a prefix of "/../" or "/..", where ".." is a complete path segment, then replace that prefix with "/" in the input buffer and remove the last segment and its preceding "/" (if any) from the output buffer; otherwise,
     749                elseif ( 0 === strpos( $input, '/../' ) ) {
     750                        $input = substr_replace( $input, '/', 0, 4 );
     751                        $output = substr_replace( $output, '', strrpos( $output, '/' ) );
     752                } elseif ( '/..' === $input ) {
     753                        $input = '/';
     754                        $output = substr_replace( $output, '', strrpos( $output, '/' ) );
     755                }
     756                // D: if the input buffer consists only of "." or "..", then remove that from the input buffer; otherwise,
     757                elseif ( '.' === $input || '..' === $input ) {
     758                        $input = '';
     759                }
     760                // E: move the first path segment in the input buffer to the end of the output buffer, including the initial "/" character (if any) and any subsequent characters up to, but not including, the next "/" character or the end of the input buffer
     761                elseif ( false !== ( $pos = strpos( $input, '/', 1 ) ) ) {
     762                        $output .= substr( $input, 0, $pos );
     763                        $input = substr_replace( $input, '', 0, $pos );
     764                } else {
     765                        $output .= $input;
     766                        $input = '';
     767                }
     768        }
     769        return $output . $input;
     770}
     771
    725772/**
    726773 * Sanitize username stripping out unsafe characters.
    727774 *
  • wp-includes/general-template.php

     
    115115 *
    116116 * @param string $slug The slug name for the generic template.
    117117 * @param string $name The name of the specialised template.
     118 * @param string $directory The name of the directory to look in (relative to the theme)
    118119 */
    119 function get_template_part( $slug, $name = null ) {
    120         do_action( "get_template_part_{$slug}", $slug, $name );
     120function get_template_part( $slug, $name = null, $directory = null ) {
     121        if ( false !== strpos( $slug, DIRECTORY_SEPARATOR ) ) {
     122                $original_slug = $slug;
     123                $slug = basename( $original_slug );
     124                if ( empty( $directory ) ) {
     125                        $directory = dirname( $original_slug );
     126                }
     127        }
     128        $slug = sanitize_file_name( $slug );
    121129
     130        $directory = rtrim( remove_dot_segments( $directory ), DIRECTORY_SEPARATOR );
     131
     132        do_action( "get_template_part_{$slug}", $slug, $name, $directory );
     133
    122134        $templates = array();
     135        if ( ! empty( $directory ) ) {
     136                if ( isset($name) )
     137                        $templates[] = $directory . DIRECTORY_SEPARATOR . "{$slug}-{$name}.php";
     138
     139                $templates[] = $directory . DIRECTORY_SEPARATOR . "{$slug}.php";
     140        }
     141
    123142        if ( isset($name) )
    124143                $templates[] = "{$slug}-{$name}.php";
    125144
    126145        $templates[] = "{$slug}.php";
    127146
    128         locate_template($templates, true, false);
     147        locate_template( $templates, true, false );
    129148}
    130149
    131150/**