WordPress.org

Make WordPress Core

Ticket #16839: 16839.2.diff

File 16839.2.diff, 1.2 KB (added by garyc40, 7 years ago)

category base can be 'foo/bar' as well, sanitize both category base and tag base this time

  • wp-admin/options-permalink.php

    diff --git wp-admin/options-permalink.php wp-admin/options-permalink.php
    index e5f9a75..a80b673 100644
    if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) { 
    8585        }
    8686
    8787        if ( isset( $_POST['category_base'] ) ) {
    88                 $category_base = $_POST['category_base'];
    89                 if ( ! empty( $category_base ) )
    90                         $category_base = $blog_prefix . preg_replace('#/+#', '/', '/' . str_replace( '#', '', $category_base ) );
     88                $category_base = ltrim( $_POST['category_base'], '/' );
     89                $category_base = empty( $category_base ) ? '' : $blog_prefix . '/' . implode( '/', array_map( 'sanitize_title_with_dashes', preg_split( '|/+|', $category_base ) ) );
    9190                $wp_rewrite->set_category_base( $category_base );
    9291        }
    9392
    9493        if ( isset( $_POST['tag_base'] ) ) {
    95                 $tag_base = $_POST['tag_base'];
    96                 if ( ! empty( $tag_base ) )
    97                         $tag_base = $blog_prefix . preg_replace('#/+#', '/', '/' . str_replace( '#', '', $tag_base ) );
     94                $tag_base = ltrim( $_POST['tag_base'], '/' );
     95                $tag_base = empty( $tag_base ) ? '' : $blog_prefix . '/' . implode( '/', array_map( 'sanitize_title_with_dashes', preg_split( '|/+|', $tag_base ) ) );
    9896                $wp_rewrite->set_tag_base( $tag_base );
    9997        }
    10098