Ticket #27583: 27583.diff
| File 27583.diff, 5.3 KB (added by , 11 years ago) |
|---|
-
wp-admin/custom-background.php
159 159 set_theme_mod('background_attachment', $attachment); 160 160 } 161 161 162 if ( isset( $_POST['background-color']) ) {162 if ( isset( $_POST['background-color'] ) ) { 163 163 check_admin_referer('custom-background'); 164 $color = preg_replace('/[^0-9a-fA-F]/', '', $_POST['background-color']); 165 if ( strlen($color) == 6 || strlen($color) == 3 ) 166 set_theme_mod('background_color', $color); 167 else 168 set_theme_mod('background_color', ''); 164 $color = sanitize_hex_color_no_hash( $_POST['background-color'] ); 165 set_theme_mod( 'background_color', $color ) ; 169 166 } 170 167 171 168 $this->updated = true; -
wp-admin/custom-header.php
225 225 set_theme_mod( 'header_textcolor', 'blank' ); 226 226 } elseif ( isset( $_POST['text-color'] ) ) { 227 227 check_admin_referer( 'custom-header-options', '_wpnonce-custom-header-options' ); 228 $_POST['text-color'] = str_replace( '#', '', $_POST['text-color'] ); 229 $color = preg_replace('/[^0-9a-fA-F]/', '', $_POST['text-color']); 230 if ( strlen($color) == 6 || strlen($color) == 3 ) 228 $color = sanitize_hex_color_no_hash( $_POST['text-color'] ); 229 if ( ( $color !== '' ) && ( $color !== null ) ) { 231 230 set_theme_mod('header_textcolor', $color); 232 elseif ( ! $color )231 } else { 233 232 set_theme_mod( 'header_textcolor', 'blank' ); 233 } 234 234 } 235 235 236 236 if ( isset( $_POST['default-header'] ) ) { -
wp-includes/class-wp-customize-manager.php
1083 1083 1084 1084 return $color; 1085 1085 } 1086 }; 1087 1088 /** 1089 * Sanitizes a hex color. 1090 * 1091 * Returns either '', a 3 or 6 digit hex color (with #), or null. 1092 * For sanitizing values without a #, see sanitize_hex_color_no_hash(). 1093 * 1094 * @since 3.4.0 1095 * 1096 * @param string $color 1097 * @return string|null 1098 */ 1099 function sanitize_hex_color( $color ) { 1100 if ( '' === $color ) 1101 return ''; 1102 1103 // 3 or 6 hex digits, or the empty string. 1104 if ( preg_match('|^#([A-Fa-f0-9]{3}){1,2}$|', $color ) ) 1105 return $color; 1106 1107 return null; 1108 } 1109 1110 /** 1111 * Sanitizes a hex color without a hash. Use sanitize_hex_color() when possible. 1112 * 1113 * Saving hex colors without a hash puts the burden of adding the hash on the 1114 * UI, which makes it difficult to use or upgrade to other color types such as 1115 * rgba, hsl, rgb, and html color names. 1116 * 1117 * Returns either '', a 3 or 6 digit hex color (without a #), or null. 1118 * 1119 * @since 3.4.0 1120 * @uses sanitize_hex_color() 1121 * 1122 * @param string $color 1123 * @return string|null 1124 */ 1125 function sanitize_hex_color_no_hash( $color ) { 1126 $color = ltrim( $color, '#' ); 1127 1128 if ( '' === $color ) 1129 return ''; 1130 1131 return sanitize_hex_color( '#' . $color ) ? $color : null; 1132 } 1133 1134 /** 1135 * Ensures that any hex color is properly hashed. 1136 * Otherwise, returns value untouched. 1137 * 1138 * This method should only be necessary if using sanitize_hex_color_no_hash(). 1139 * 1140 * @since 3.4.0 1141 * 1142 * @param string $color 1143 * @return string 1144 */ 1145 function maybe_hash_hex_color( $color ) { 1146 if ( $unhashed = sanitize_hex_color_no_hash( $color ) ) 1147 return '#' . $unhashed; 1148 1149 return $color; 1150 } 1086 }; 1087 No newline at end of file -
wp-includes/formatting.php
3825 3825 3826 3826 return false; 3827 3827 } 3828 3829 /** 3830 * Sanitizes a hex color. 3831 * 3832 * Returns either '', a 3 or 6 digit hex color (with #), or null. 3833 * For sanitizing values without a #, see sanitize_hex_color_no_hash(). 3834 * 3835 * @since 3.4.0 3836 * 3837 * @param string $color 3838 * @return string|null 3839 */ 3840 function sanitize_hex_color( $color ) { 3841 if ( '' === $color ) 3842 return ''; 3843 3844 // 3 or 6 hex digits, or the empty string. 3845 if ( preg_match('|^#([A-Fa-f0-9]{3}){1,2}$|', $color ) ) 3846 return $color; 3847 3848 return null; 3849 } 3850 3851 /** 3852 * Sanitizes a hex color without a hash. Use sanitize_hex_color() when possible. 3853 * 3854 * Saving hex colors without a hash puts the burden of adding the hash on the 3855 * UI, which makes it difficult to use or upgrade to other color types such as 3856 * rgba, hsl, rgb, and html color names. 3857 * 3858 * Returns either '', a 3 or 6 digit hex color (without a #), or null. 3859 * 3860 * @since 3.4.0 3861 * @uses sanitize_hex_color() 3862 * 3863 * @param string $color 3864 * @return string|null 3865 */ 3866 function sanitize_hex_color_no_hash( $color ) { 3867 $color = ltrim( $color, '#' ); 3868 3869 if ( '' === $color ) 3870 return ''; 3871 3872 return sanitize_hex_color( '#' . $color ) ? $color : null; 3873 } 3874 3875 /** 3876 * Ensures that any hex color is properly hashed. 3877 * Otherwise, returns value untouched. 3878 * 3879 * This method should only be necessary if using sanitize_hex_color_no_hash(). 3880 * 3881 * @since 3.4.0 3882 * 3883 * @param string $color 3884 * @return string 3885 */ 3886 function maybe_hash_hex_color( $color ) { 3887 if ( $unhashed = sanitize_hex_color_no_hash( $color ) ) 3888 return '#' . $unhashed; 3889 3890 return $color; 3891 } 3892 No newline at end of file