Ticket #16226: 16226.diff

File 16226.diff, 833 bytes (added by solarissmoke, 3 years ago)

Don't allow % in filenames as it will cause false urlencoding

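--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -692,7 +692,7 @@
  */
 function sanitize_file_name( $filename ) {
         $filename_raw = $filename;
-        $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
+        $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", '%', chr(0));
         $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
         $filename = str_replace($special_chars, '', $filename);
         $filename = preg_replace('/[\s-]+/', '-', $filename);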
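Review bot: The new `'%'` entry on the `$special_chars` line has no comment explaining why it is there, and the very next line passes the list through the `sanitize_file_name_chars` filter, so a callback that returns its own array can silently drop it again. I would add a comment above the array such as `// '%' is stripped so a stored file name can never contain a percent-encoded sequence that a later URL or path decode would reinterpret.` and mention `%` in the docblock so filter authors know to keep it. Because `str_replace` removes only the `%` itself, the hex digits stay behind (`a%20b.jpg` becomes `a20b.jpg`); that looks harmless, but a unit test pinning it would keep a later "decode instead of strip" change from reintroducing `/` or NUL through `%2F` or `%00`. The body of sanitize_file_name continues past the end of this hunk, so any later handling of the name is not visible here.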