
Ticket #30883: patch.2.diff

File patch.2.diff, 2.0 KB (added by sgrant, 10 years ago)

If only non-letter characters remain, use fallback. New tests.

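--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -1353,6 +1353,9 @@
         if ( '' == $sanitized )
                 $sanitized = $fallback;
 
+        if ( '' == preg_replace( '/[0-9_-]/', '', $sanitized ) )
+                $sanitized = $fallback;
+
         /**
          * Filter a sanitized HTML class string.
          *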
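Review bot: The added branch on new lines 1356-1357 assigns `$fallback` verbatim, exactly like the check above it, so widening the fallback condition also widens how often an unfiltered caller-supplied value becomes the returned class name. Nothing in the visible lines runs the fallback through the same character filter; the function starts and ends outside this hunk, so this may be handled elsewhere, but if it is not, a comment such as `// $fallback is returned unfiltered; pass only a value that is already a safe class name.` would document the contract. The first check is also subsumed by the new one, since an empty string stays empty after the replace, so the two could be written once as `if ( '' == preg_replace( '/[0-9_-]/', '', $sanitized ) )`. Digit-only input such as `123` was previously returned unchanged and now yields the fallback, which is worth stating in the function's docblock.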
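--- a/tests/phpunit/tests/formatting/SanitizeHtmlClass.php
+++ b/tests/phpunit/tests/formatting/SanitizeHtmlClass.php
@@ -0,0 +1,53 @@
+<?php
+
+/**
+ * @group formatting
+ */
+class Tests_Formatting_SanitizeHtmlClass extends WP_UnitTestCase {
+
+        /**
+         * @covers ::sanitize_html_class
+         */
+        public function test_expected() {
+                $text = 'test';
+                $result = sanitize_html_class( $text );
+                $this->assertEquals( $text, $result );
+        }
+
+        /**
+         * @covers ::sanitize_html_class
+         */
+        public function test_fallback_empty() {
+                $result = sanitize_html_class( '' );
+                $this->assertEquals( '', $result );
+        }
+
+        /**
+         * @covers ::sanitize_html_class
+         */
+        public function test_fallback_with_only_hyphens() {
+                $result = sanitize_html_class( '---' );
+                $this->assertEquals( '', $result );
+        }
+
+        /**
+         * @covers ::sanitize_html_class
+         * @ticket 30883
+         */
+        public function test_fallback_hyphens_after_percent_encoded_octets() {
+                $s1 = sanitize_html_class( '%d0%b2%d1%82%d0%be%d1%80%d0%b0%d1%8f-%d1%80%d1%83%d0%b1%d1%80%d0%b8%d0%ba%d0%b0' );
+                $s2 = sanitize_html_class( '%d0%bf%d0%b5%d1%80%d0%b2%d0%b0%d1%8f-%d1%80%d1%83%d0%b1%d1%80%d0%b8%d0%ba%d0%b0' );
+
+                $this->assertEquals( '', $s1 );
+                $this->assertEquals( '', $s2 );
+        }
+
+        /**
+         * @covers ::sanitize_html_class
+         */
+        public function test_fallback_with_non_letter_characters() {
+                $result = sanitize_html_class( '-_0123456789' );
+                $this->assertEquals( '', $result );
+        }
+
+}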
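Review bot: None of the fallback tests pass a second argument, so they only show that the result is empty and never that a supplied fallback is actually returned; a case such as `$this->assertSame( 'fallback', sanitize_html_class( '---', 'fallback' ) );` would pin that. `assertEquals( '', $result )` compares loosely, so a `null` or `false` return would also pass, and `assertSame` is the tighter check for a sanitizer whose output is placed in markup. There is also no case showing that a mixed value like `a-1` comes back unchanged, which would guard against the new pattern matching more than intended.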