WordPress.org
Get WordPress

Make WordPress Core

Ticket #22363: 22363.10.patch

File 22363.10.patch, 4.7 KB (added by p_enrique, 12 years ago)

Put the filters back in the same place

  • src/wp-includes/default-filters.php

     
    177177add_filter( 'tiny_mce_before_init',     '_mce_set_direction'                  );
    178178add_filter( 'pre_kses',                 'wp_pre_kses_less_than'               );
    179179add_filter( 'sanitize_title',           'sanitize_title_with_dashes',   10, 3 );
     180add_filter( 'sanitize_file_name',               'remove_accents'                                          );
    180181add_action( 'check_comment_flood',      'check_comment_flood_db',       10, 3 );
    181182add_filter( 'comment_flood_filter',     'wp_throttle_comment_flood',    10, 3 );
    182183add_filter( 'pre_comment_content',      'wp_rel_nofollow',              15    );

  • src/wp-includes/formatting.php

     
    826826}
    827827
    828828/**
    829  * Sanitizes a filename, replacing whitespace with dashes.
     829 * Sanitizes a filename, replacing whitespace and illegal characters with dashes.
    830830 *
    831  * Removes special characters that are illegal in filenames on certain
    832  * operating systems and special characters requiring special escaping
    833  * to manipulate at the command line. Replaces spaces and consecutive
    834  * dashes with a single dash. Trims period, dash and underscore from beginning
    835  * and end of filename.
     831 * Replaces all non-alphabetical, non-decimal characters (including
     832 * spaces) with dashes. Strips HTML tags and sanitizes HTML entities. Munges
     833 * extraneous file extensions with underscores. Converts the filenames to lowercase
     834 * when possible.
    836835 *
     836 * If the PCRE UTF-8 extension is available, this function converts all characters
     837 * that don't have the Unicode property "Letter" or "Decimal number" to dashes.
     838 *
    837839 * @since 2.1.0
    838840 *
    839841 * @param string $filename The filename to be sanitized
     
    841843 */
    842844function sanitize_file_name( $filename ) {
    843845        $filename_raw = $filename;
     846
     847        // Check if PCRE UTF-8 extension is compiled and working.
     848        static $pcre_utf8 = null;
     849        if ( is_null( $pcre_utf8 ) )
     850                $pcre_utf8 = ( 1 === @preg_match( '`[\p{L}]`u', "\xc3\xa0" ) ); // Try to match "latin small letter a with grave". Returns (int) 1 or (boolean) false.
     851
     852        $encoding = seems_utf8( $filename ) ? 'UTF-8' : get_bloginfo( 'charset' );
     853        $utf8_modifier = ( $pcre_utf8 && 'UTF-8' == $encoding ) ? 'u' : '';
     854
     855        $filename = wp_strip_all_tags( $filename );
     856
     857        // Decode all HTML entities available in current encoding and strip the rest
     858        $filename = html_entity_decode( $filename, ENT_QUOTES, $encoding );
     859        $filename = preg_replace( "`&[a-zA-Z]{2,8};`$utf8_modifier", '', $filename );
     860
     861        // Convert illegal characters to dashes
    844862        $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
    845863        $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
    846         $filename = str_replace($special_chars, '', $filename);
    847         $filename = preg_replace('/[\s-]+/', '-', $filename);
    848         $filename = trim($filename, '.-_');
     864        $strip_characters = preg_quote( implode( '', $special_chars ), '`' );
     865        $filename = preg_replace( "`[$strip_characters]`$utf8_modifier", '-', $filename );
    849866
     867        if ( $pcre_utf8 ) {
     868                // Convert everything except letters, decimal numbers, and "." (dot) to dashes if the PCRE UTF-8 extension is available
     869                $filename = preg_replace( "`(?!\.)[^\p{L}\p{Nd}]+`$utf8_modifier", '-', $filename );
     870                if ( ! $filename ) // Invalid UTF-8 string or empty
     871                        return '';
     872        }
     873
     874        $filename = preg_replace( "`[\s-]+`$utf8_modifier", '-', $filename ); // Check whitespace and multiple dashes
     875        $filename = preg_replace( "`-\.`$utf8_modifier", '.', $filename );  // Trim dashes before a dot
     876        $filename = trim( $filename, '.-_' );
     877
     878        if ( function_exists( 'mb_strtolower' ) )
     879                $filename = mb_strtolower( $filename, mb_detect_encoding( $filename ) );
     880        else if ( ! preg_match( '/[^\x20-\x7f]/', $string ) ) // Only ASCII characters present
     881                $filename = strtolower( $filename );
     882
    850883        // Split the filename into a base and extension[s]
    851884        $parts = explode('.', $filename);
    852885
     
    864897        foreach ( (array) $parts as $part) {
    865898                $filename .= '.' . $part;
    866899
    867                 if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) {
     900                if ( preg_match("`^[a-zA-Z]{2,5}\d?$`$utf8_modifier", $part) ) {
    868901                        $allowed = false;
    869902                        foreach ( $mimes as $ext_preg => $mime_match ) {
    870                                 $ext_preg = '!^(' . $ext_preg . ')$!i';
     903                                $ext_preg = "`^($ext_preg)$`i$utf8_modifier";
    871904                                if ( preg_match( $ext_preg, $part ) ) {
    872905                                        $allowed = true;
    873906                                        break;