Ticket #22363: 22363.11.patch
File 22363.11.patch, 8.1 KB (added by , 9 years ago) |
---|
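--- a/src/wp-includes/default-filters.php
+++ b/src/wp-includes/default-filters.php
@@ -190,6 +190,7 @@
 add_filter( 'teeny_mce_before_init', '_mce_set_direction' );
 add_filter( 'pre_kses', 'wp_pre_kses_less_than' );
 add_filter( 'sanitize_title', 'sanitize_title_with_dashes', 10, 3 );
+add_filter( 'sanitize_file_name', 'remove_accents' );
 add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 3 );
 add_filter( 'comment_flood_filter', 'wp_throttle_comment_flood', 10, 3 );
 add_filter( 'pre_comment_content', 'wp_rel_nofollow', 15 );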
src/wp-includes/formatting.php
1358 1358 } 1359 1359 1360 1360 /** 1361 * Sanitizes a filename, replacing whitespace with dashes.1361 * Sanitizes a filename, replacing whitespace and illegal characters with dashes. 1362 1362 * 1363 * Removes special characters that are illegal in filenames on certain 1364 * operating systems and special characters requiring special escaping 1365 * to manipulate at the command line. Replaces spaces and consecutive 1366 * dashes with a single dash. Trims period, dash and underscore from beginning 1367 * and end of filename. 1363 * Replaces all non-alphabetical, non-decimal characters (including 1364 * spaces) with dashes. Strips HTML tags and sanitizes HTML entities. Munges 1365 * extraneous file extensions with underscores. Converts the filenames to lowercase 1366 * when possible. 1368 1367 * 1368 * If the PCRE UTF-8 extension is available, this function converts all characters 1369 * that don't have the Unicode property "Letter" or "Decimal number" to dashes. 1370 * 1369 1371 * @since 2.1.0 1370 1372 * 1371 1373 * @param string $filename The filename to be sanitized … … 1373 1375 */ 1374 1376 function sanitize_file_name( $filename ) { 1375 1377 $filename_raw = $filename; 1378 $pcre_utf8 = _wp_can_use_pcre_u(); 1379 $encoding = seems_utf8( $filename ) ? 'UTF-8' : get_bloginfo( 'charset' ); 1380 $utf8_modifier = ( $pcre_utf8 && 'UTF-8' == $encoding ) ? 'u' : ''; 1381 1382 $filename = wp_strip_all_tags( $filename ); 1383 1384 // Decode all HTML entities available in current encoding and strip the rest 1385 $filename = html_entity_decode( $filename, ENT_QUOTES, $encoding ); 1386 $filename = preg_replace( "`&[a-zA-Z]{2,8};`$utf8_modifier", '', $filename ); 1387 1388 // Convert illegal characters to dashes 1376 1389 $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", "%", "+", chr(0)); 1377 1390 /** 1378 1391 * Filter the list of characters to remove from a filename. 
… … 1383 1396 * @param string $filename_raw Filename as it was passed into sanitize_file_name(). 1384 1397 */ 1385 1398 $special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw ); 1386 $filename = preg_replace( "#\x{00a0}#siu", ' ', $filename ); 1387 $filename = str_replace( $special_chars, '', $filename ); 1388 $filename = str_replace( array( '%20', '+' ), '-', $filename ); 1389 $filename = preg_replace( '/[\r\n\t -]+/', '-', $filename ); 1399 $strip_characters = preg_quote( implode( '', $special_chars ), '`' ); 1400 $filename = preg_replace( "`[$strip_characters]`$utf8_modifier", '-', $filename ); 1401 1402 if ( $pcre_utf8 ) { 1403 // Convert everything except letters, decimal numbers, and "." (dot) to dashes if the PCRE UTF-8 extension is available 1404 $filename = preg_replace( "`(?!\.)[^\p{L}\p{Nd}]+`$utf8_modifier", '-', $filename ); 1405 1406 if ( ! $filename ) { // Invalid UTF-8 string or empty 1407 return ''; 1408 } 1409 } 1410 1411 $filename = preg_replace( "`[\s-]+`$utf8_modifier", '-', $filename ); // Check whitespace and multiple dashes 1412 $filename = preg_replace( "`-\.`$utf8_modifier", '.', $filename ); // Trim dashes before a dot 1390 1413 $filename = trim( $filename, '.-_' ); 1391 1414 1415 if ( function_exists( 'mb_strtolower' ) ) { 1416 $filename = mb_strtolower( $filename, mb_detect_encoding( $filename ) ); 1417 } 1418 else { 1419 $filename = strtolower( $filename ); 1420 } 1421 1392 1422 // Split the filename into a base and extension[s] 1393 1423 $parts = explode('.', $filename); 1394 1424 … … 1417 1447 foreach ( (array) $parts as $part) { 1418 1448 $filename .= '.' . $part; 1419 1449 1420 if ( preg_match(" /^[a-zA-Z]{2,5}\d?$/", $part) ) {1450 if ( preg_match("`^[a-zA-Z]{2,5}\d?$`$utf8_modifier", $part) ) { 1421 1451 $allowed = false; 1422 1452 foreach ( $mimes as $ext_preg => $mime_match ) { 1423 $ext_preg = '!^(' . $ext_preg . 
')$!i';1453 $ext_preg = "`^($ext_preg)$`i$utf8_modifier"; 1424 1454 if ( preg_match( $ext_preg, $part ) ) { 1425 1455 $allowed = true; 1426 1456 break; -
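Review bot: In the `if ( $pcre_utf8 )` block of `sanitize_file_name()`, the lookahead in `(?!\.)[^\p{L}\p{Nd}]+` guards only the first character of a run, so a dot that follows another replaced character is swallowed (`photo -.jpg` would come out as `photo-jpg`) and the extension never reaches the multi-extension allowlist loop further down. Excluding the dot inside the class avoids that: `[^\p{L}\p{Nd}.]+`. The `if ( ! $filename )` check right after it also treats the valid name `0` as empty; `if ( null === $filename || '' === $filename )` separates a failed or empty result from a falsy string. Separately, the character class built from `$special_chars` becomes the invalid `[]` when a `sanitize_file_name_chars` callback returns an empty array, so that `preg_replace()` should be skipped when `$strip_characters` is `''`. The function body starts and ends outside the visible hunks.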
tests/phpunit/tests/formatting/SanitizeFileName.php
16 16 foreach ( $special_chars as $char ) 17 17 $string .= $char; 18 18 $string .= 'test'; 19 $this->assertEquals( 'test test', sanitize_file_name( $string ) );19 $this->assertEquals( 'test-test', sanitize_file_name( $string ) ); 20 20 } 21 21 22 22 /** … … 28 28 $urls = array( 29 29 'unencoded space.png' => 'unencoded-space.png', 30 30 'encoded-space.jpg' => 'encoded-space.jpg', 31 'plus+space.jpg' => 'plus space.jpg',31 'plus+space.jpg' => 'plus-space.jpg', 32 32 'multi %20 +space.png' => 'multi-20-space.png', 33 33 ); 34 34 … … 47 47 48 48 function test_replaces_any_amount_of_whitespace_with_one_hyphen() { 49 49 $this->assertEquals("a-t", sanitize_file_name("a t")); 50 $this->assertEquals("a-t", sanitize_file_name("a \ n\n\nt"));50 $this->assertEquals("a-t", sanitize_file_name("a \t\r\n\n\nt")); 51 51 } 52 52 53 53 /** … … 54 54 * @ticket 16226 55 55 */ 56 56 function test_replaces_percent_sign() { 57 $this->assertEquals( 'a 22b.jpg', sanitize_file_name( 'a%22b.jpg' ) );57 $this->assertEquals( 'a-22b.jpg', sanitize_file_name( 'a%22b.jpg' ) ); 58 58 } 59 60 function test_replaces_utf8_whitespace() { 61 if ( ! $this->pcre_utf8_support() ) { 62 $this->markTestSkipped(); 63 } 64 65 $this->assertEquals("non-breaking", sanitize_file_name("non\xc2\xa0breaking")); 66 } 67 68 function test_returns_lowercase() { 69 if ( ! function_exists( 'mb_strtolower' ) ) { 70 $this->markTestSkipped(); 71 } 72 73 $this->assertEquals( 'abcd', sanitize_file_name('ABCD') ); 74 } 75 76 function test_replaces_accents() { 77 $in = 'àáâãäåæçèéêëìíîïñòóôõöøùúûüýÿ'; 78 $out = 'aaaaaaaeceeeeiiiinoooooouuuuyy'; 79 $this->assertEquals( $out, sanitize_file_name( $in ) ); 80 } 81 82 function test_strips_non_alpha_html_entities() { 83 if ( ! 
$this->pcre_utf8_support() ) { 84 $this->markTestSkipped(); 85 } 86 87 $this->assertEquals("start-end", sanitize_file_name( "start © & € – end" ) ); 88 $this->assertEquals("start-end", sanitize_file_name( "start &invalid; end" ) ); 89 } 90 91 function test_converts_alpha_html_entities() { 92 if ( ! $this->pcre_utf8_support() ) { 93 $this->markTestSkipped(); 94 } 95 96 $this->assertEquals("start-a-e-n-o-ae-end", sanitize_file_name("start à ê ñ ø æ end" ) ); 97 } 98 99 function test_removes_non_alphanum_characters() { 100 if ( ! $this->pcre_utf8_support() ) { 101 $this->markTestSkipped(); 102 } 103 104 $test_input = "start ¿”©“? «±€—°» middle “√¼ = ♫” & „☺ + ☻ = ♥‟ end"; 105 $this->assertEquals("start-middle-end", sanitize_file_name( $test_input ) ); 106 } 107 108 function test_returns_empty_on_invalid_utf8() { 109 if ( ! $this->pcre_utf8_support() ) { 110 $this->markTestSkipped(); 111 } 112 113 $this->assertEquals( '', sanitize_file_name( "Invalid \xff utf8" ) ); 114 } 115 116 function test_returns_lowercase_utf8() { 117 if ( ! $this->pcre_utf8_support() || ! function_exists( 'mb_strtolower' ) ) { 118 $this->markTestSkipped(); 119 } 120 121 $this->assertEquals( 'βασιλ-правах', sanitize_file_name( 'ΒΑΣΙΛ ПРАВАХ' ) ); 122 } 123 124 private function pcre_utf8_support() { 125 static $support = null; 126 127 if ( is_null($support) ) { 128 $support = _wp_can_use_pcre_u(); 129 } 130 131 return $support; 132 } 133 59 134 }
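Review bot: None of the added cases puts a replaced character next to the extension dot or uses a multi-part extension, so the new `\p{L}\p{Nd}` replacement and the re-delimited extension regexes in `sanitize_file_name()` are untested exactly where upload handling depends on them. A case such as `$this->assertEquals( 'photo.jpg', sanitize_file_name( 'photo -.jpg' ) );` (expected value inferred from the patch's "Trim dashes before a dot" comment) would pin that. `test_returns_lowercase()` is skipped without `mb_strtolower`, although the patch's `strtolower()` fallback handles the ASCII input `'ABCD'`, so the skip could be dropped. `test_returns_empty_on_invalid_utf8()` fixes `''` as the result; callers not shown here would then need to cope with an empty filename.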