WordPress.org

Make WordPress Core

Ticket #15198: 15198.diff

File 15198.diff, 1.9 KB (added by duck_, 10 years ago)
  • wp-includes/formatting.php

     
    724724/**
    725725 * Sanitize username stripping out unsafe characters.
    726726 *
    727  * If $strict is true, only alphanumeric characters (as well as _, space, ., -,
    728  * @) are returned.
    729  * Removes tags, octets, entities, and if strict is enabled, will remove all
    730  * non-ASCII characters. After sanitizing, it passes the username, raw username
    731  * (the username in the parameter), and the strict parameter as parameters for
    732  * the filter.
     727 * Removes tags, octets, entities, and if strict is enabled, will only keep
     728 * alphanumeric, _, space, ., -, @. After sanitizing, it passes the username,
     729 * raw username (the username in the parameter), and the value of $strict as
     730 * parameters for the 'sanitize_user' filter.
    733731 *
    734732 * @since 2.0.0
    735733 * @uses apply_filters() Calls 'sanitize_user' hook on username, raw username,
     
    751749        if ( $strict )
    752750                $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
    753751
     752        $username = trim( $username );
    754753        // Consolidate contiguous whitespace
    755754        $username = preg_replace( '|\s+|', ' ', $username );
    756755
     
    760759/**
    761760 * Sanitize a string key.
    762761 *
    763  * Keys are used as internal identifiers. They should be lowercase ASCII.  Dashes and underscores are allowed.
     762 * Keys are used as internal identifiers. Lowercase alphanumeric characters, dashes and underscores are allowed.
    764763 *
    765764 * @since 3.0.0
    766765 *
     
    769768 */
    770769function sanitize_key( $key ) {
    771770        $raw_key = $key;
    772 
    773         $key = preg_replace('|[^a-z0-9 _.\-@]|i', '', $key);
    774 
    775         // Consolidate contiguous whitespace
    776         $key = preg_replace('|\s+|', ' ', $key);
    777 
    778         return apply_filters('sanitize_key', $key, $raw_key);
     771        $key = strtolower( $key );
     772        $key = preg_replace( '/[^a-z0-9_\-]/', '', $key );
     773        return apply_filters( 'sanitize_key', $key, $raw_key );
    779774}
    780775
    781776/**