Ticket #30883: patch.3.diff
File patch.3.diff, 3.0 KB (added by , 10 years ago) |
src/wp-includes/formatting.php
diff --git src/wp-includes/formatting.php src/wp-includes/formatting.php index a75af2e..da49afd 100644
function sanitize_sql_orderby( $orderby ){ 1350 1350 * @return string The sanitized value 1351 1351 */ 1352 1352 function sanitize_html_class( $class, $fallback = '' ) { 1353 // Strip out any % encoded octets1353 // Strip out any % encoded octets 1354 1354 $sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class ); 1355 1355 1356 // Limit to A-Z,a-z,0-9,_,-1356 // Limit to A-Z, a-z, 0-9, _, - 1357 1357 $sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized ); 1358 1358 1359 if ( '' == $sanitized ) 1359 // Check if only numbers, hyphens or underscores left 1360 if ( '' == preg_replace( '/[0-9_-]/', '', $sanitized ) ) { 1360 1361 $sanitized = $fallback; 1362 } 1361 1363 1362 1364 /** 1363 1365 * Filter a sanitized HTML class string. -
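Review bot: `$sanitized = $fallback;` assigns the fallback without running it through the two filters above, and the new `preg_replace( '/[0-9_-]/', '', $sanitized )` test sends every value with no ASCII letter down that path, so the unfiltered branch is now reached far more often. Whether any caller passes a fallback derived from user input is not visible here, but the function's name promises a safe class token either way; consider `$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $fallback );`. The docblock should also state that digit-, hyphen- and underscore-only values are now replaced, since `sanitize_html_class( '2015' )` changes from `'2015'` to `''` for existing callers. The function body continues past the end of the hunk.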
src/wp-includes/post-template.php
diff --git src/wp-includes/post-template.php src/wp-includes/post-template.php index eb794fa..ffcdde6 100644
function get_post_class( $class = '', $post_id = null ) { 475 475 if ( 'post_tag' == $taxonomy ) { 476 476 $classes[] = 'tag-' . sanitize_html_class( $term->slug, $term->term_id ); 477 477 } else { 478 $classes[] = sanitize_html_class( $taxonomy . '-' . $term->slug, $taxonomy . '-' .$term->term_id );478 $classes[] = $taxonomy . '-' . sanitize_html_class( $term->slug, $term->term_id ); 479 479 } 480 480 } 481 481 } -
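Review bot: In the `else` branch, `$taxonomy` is now concatenated outside `sanitize_html_class()`, so the prefix no longer passes through the character whitelist that the old call applied to the whole string. If taxonomy names are not guaranteed to be plain keys and the class list is not escaped later in `get_post_class()` (the rest of the function is outside the hunk), that prefix reaches the `class` attribute unfiltered. Filtering the prefix separately keeps the fix for encoded slugs and the old guarantee: `$classes[] = sanitize_html_class( $taxonomy ) . '-' . sanitize_html_class( $term->slug, $term->term_id );`.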
new file tests/phpunit/tests/formatting/SanitizeHtmlClass.php
diff --git tests/phpunit/tests/formatting/SanitizeHtmlClass.php tests/phpunit/tests/formatting/SanitizeHtmlClass.php new file mode 100644 index 0000000..2393ad9
- + 1 <?php 2 3 /** 4 * @group formatting 5 */ 6 class Tests_Formatting_SanitizeHtmlClass extends WP_UnitTestCase { 7 8 /** 9 * @covers ::sanitize_html_class 10 */ 11 public function test_expected() { 12 $text = 'test'; 13 $result = sanitize_html_class( $text ); 14 $this->assertEquals( $text, $result ); 15 } 16 17 /** 18 * @covers ::sanitize_html_class 19 */ 20 public function test_fallback_empty() { 21 $result = sanitize_html_class( '' ); 22 $this->assertEquals( '', $result ); 23 } 24 25 /** 26 * @covers ::sanitize_html_class 27 */ 28 public function test_fallback_with_only_hyphens() { 29 $result = sanitize_html_class( '---' ); 30 $this->assertEquals( '', $result ); 31 } 32 33 /** 34 * @covers ::sanitize_html_class 35 * @ticket 30883 36 */ 37 public function test_fallback_hyphens_after_percent_encoded_octets() { 38 $s1 = sanitize_html_class( '%d0%b2%d1%82%d0%be%d1%80%d0%b0%d1%8f-%d1%80%d1%83%d0%b1%d1%80%d0%b8%d0%ba%d0%b0' ); 39 $s2 = sanitize_html_class( '%d0%bf%d0%b5%d1%80%d0%b2%d0%b0%d1%8f-%d1%80%d1%83%d0%b1%d1%80%d0%b8%d0%ba%d0%b0' ); 40 41 $this->assertEquals( '', $s1 ); 42 $this->assertEquals( '', $s2 ); 43 } 44 45 /** 46 * @covers ::sanitize_html_class 47 */ 48 public function test_fallback_with_non_letter_characters() { 49 $result = sanitize_html_class( '-_0123456789' ); 50 $this->assertEquals( '', $result ); 51 } 52 53 }
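Review bot: Every `test_fallback_*` method calls `sanitize_html_class()` with one argument, so the fallback value that `get_post_class()` relies on is never exercised; add a case such as `$this->assertSame( 'fallback', sanitize_html_class( '---', 'fallback' ) );`. The empty-string checks use `assertEquals( '', ... )`, which compares loosely and would still pass if the function returned `null` after a `preg_replace()` error; `assertSame( '', $result )` pins the type as well. A case where letters remain after the percent-encoded octets are stripped would also confirm that mixed slugs are not sent to the fallback.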