Ticket #30495: line-tabulation-sanitization.30495.diff

File line-tabulation-sanitization.30495.diff, 1.7 KB (added by sanchothefat, 6 years ago)

Adds a step to remove all control characters in the range 1-31, then mops up white space. Has a unit test.

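diff --git src/wp-includes/formatting.php src/wp-includes/formatting.php
index e0b45fd..77cc68a 100644
--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -1379,10 +1379,12 @@ function sanitize_file_name( $filename ) {
          * @param string $filename_raw  Filename as it was passed into sanitize_file_name().
          */
         $special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );
+        $control_chars = array_map( 'chr', range( 1, 31 ) );
         $filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
         $filename = str_replace( $special_chars, '', $filename );
+        $filename = str_replace( $control_chars, '', $filename );
         $filename = str_replace( array( '%20', '+' ), '-', $filename );
-        $filename = preg_replace( '/[\r\n\t -]+/', '-', $filename );
+        $filename = preg_replace( '/[\s-]+/', '-', $filename );
         $filename = trim( $filename, '.-_' );
 
         // Split the filename into a base and extension[s]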
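Review bot: The new `$control_chars` list built from `range( 1, 31 )` leaves out DEL (`chr( 127 )`), which is just as non-printable, and NUL is covered only if `$special_chars` (defined outside this hunk) already contains it. Consider `$control_chars = array_map( 'chr', array_merge( range( 0, 31 ), array( 127 ) ) );`. Because the `str_replace( $control_chars, '', $filename )` call runs before the whitespace collapse, tab, CR and LF are now deleted instead of being turned into `-` as the removed `/[\r\n\t -]+/` pattern did, so `\s` in the new pattern can effectively match only a space. If that behaviour change is intended, it deserves a comment such as `// Control characters (incl. tab/CR/LF) are dropped, not converted to dashes.` above the call. The body of `sanitize_file_name()` starts and ends outside the hunk.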
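diff --git tests/phpunit/tests/formatting/SanitizeFileName.php tests/phpunit/tests/formatting/SanitizeFileName.php
index 8927fec..8572cf4 100644
--- a/tests/phpunit/tests/formatting/SanitizeFileName.php
+++ b/tests/phpunit/tests/formatting/SanitizeFileName.php
@@ -56,4 +56,17 @@ class Tests_Formatting_SanitizeFileName extends WP_UnitTestCase {
         function test_replaces_percent_sign() {
                 $this->assertEquals( 'a22b.jpg', sanitize_file_name( 'a%22b.jpg' ) );
         }
+
+        /**
+         * @ticket 30495
+         */
+        function test_replaces_control_chars() {
+                $control_chars = array_map( 'chr', range( 1, 31 ) );
+                $string = 'test';
+                foreach ( $control_chars as $char ) {
+                        $string .= $char;
+                }
+                $string .= 'test';
+                $this->assertEquals( 'testtest', sanitize_file_name( $string ) );
+        }
 }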
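Review bot: `test_replaces_control_chars()` asserts only that bytes 1–31 vanish between two `test` strings, so it does not pin the companion change from `/[\r\n\t -]+/` to `/[\s-]+/`, nor the fact that tab, CR and LF are now removed rather than replaced by `-`. A second assertion with a realistic name would make that visible, e.g. `$this->assertEquals( 'ab.jpg', sanitize_file_name( "a\tb.jpg" ) );` (expected value inferred from the patched lines; the rest of the function is not shown on this page). The loop that builds `$string` could also be written as `$string = 'test' . implode( '', $control_chars ) . 'test';`.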