WordPress.org

Make WordPress Core

Ticket #22286: backslashit-with-array-access.diff

File backslashit-with-array-access.diff, 1.5 KB (added by jbutkus, 6 years ago)

Using addcslashes for [A..z] and ASCII char comparison for starting digit

  • tests/formatting/Slashit.php

     
    44 * @group formatting
    55 */
    66class Tests_Formatting_Slashit extends WP_UnitTestCase {
     7        function test_backslashes_middle_numbers() {
     8                $this->assertEquals("\\a-!9\\a943\\b\\c", backslashit("a-!9a943bc"));
     9        }
     10
    711        function test_backslashes_alphas() {
    812                $this->assertEquals("\\a943\\b\\c", backslashit("a943bc"));
    913        }
  • wordpress/wp-includes/formatting.php

     
    13421342 * @return string String with backslashes inserted.
    13431343 */
    13441344function backslashit($string) {
    1345         $string = preg_replace('/^([0-9])/', '\\\\\\\\\1', $string);
    1346         $string = preg_replace('/([a-z])/i', '\\\\\1', $string);
     1345        // string literals are chosen instead of 0x30..0x39 as value selected
     1346        // from string is more likely to be string, than integer, thus casted
     1347        // PHP form shall take place
     1348        if ( isset( $string[0] ) && $string[0] >= '0' && $string[0] <= '9' ) {
     1349                $string = '\\\\' . $string;
     1350        }
     1351        // Do not use [A..z], as it would also add backslashes to intermediate
     1352        // characters (namely: '[', '\', ']', '^', '_', '`').
     1353        $string = addcslashes(
     1354                $string,
     1355                'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
     1356        );
    13471357        return $string;
    13481358}
    13491359