Make WordPress Core

Ticket #44547: 44547.patch

File 44547.patch, 2.3 KB (added by ryotsun, 6 years ago)
  • src/wp-admin/includes/file.php

    diff --git src/wp-admin/includes/file.php src/wp-admin/includes/file.php
    index da215b7a14..8f26ba685c 100644
    function _wp_handle_upload( &$file, $overrides, $time, $action ) { 
    824824                return call_user_func_array( $upload_error_handler, array( &$file, $uploads['error'] ) );
    825825        }
    826826
    827         $filename = wp_unique_filename( $uploads['path'], $file['name'], $unique_filename_callback );
     827        $tmp_file_name = $file['name'];
     828        $ext           = pathinfo( $tmp_file_name, PATHINFO_EXTENSION );
     829        $name          = wp_basename( $tmp_file_name, ".$ext" );
     830
     831        // Change file name to be hashed if it contains multi-byte chars.
     832        if ( ! is_ascii_text( $name ) ) {
     833                $tmp_file_name = md5( $name ) . ".$ext";
     834        }
     835
     836        $filename = wp_unique_filename( $uploads['path'], $tmp_file_name, $unique_filename_callback );
    828837
    829838        // Move the file to the uploads dir.
    830839        $new_file = $uploads['path'] . "/$filename";
  • src/wp-includes/formatting.php

    diff --git src/wp-includes/formatting.php src/wp-includes/formatting.php
    index bf03e78e1e..53cba60dfa 100644
    function sanitize_text_field( $str ) { 
    50575057        return apply_filters( 'sanitize_text_field', $filtered, $str );
    50585058}
    50595059
     5060/**
     5061 * Check if it has only ASCII characters or not.
     5062 *
     5063 * @since 5.0.0
     5064 * @param string $str Strings that may contain none-ASCII chars.
     5065 * @return bool Return true if $str is ASCII text.
     5066 */
     5067function is_ascii_text( $str ) {
     5068        if ( preg_match( '/^[\\x{0000}-\\x{007F}]+$/u', $str, $match ) ) {
     5069                return true;
     5070        } else {
     5071                return false;
     5072        }
     5073}
     5074
    50605075/**
    50615076 * Sanitizes a multiline string from user input or from the database.
    50625077 *
  • new file tests/phpunit/tests/formatting/FileName.php

    diff --git tests/phpunit/tests/formatting/FileName.php tests/phpunit/tests/formatting/FileName.php
    new file mode 100644
    index 0000000000..2abc32cf46
    - +  
     1<?php
     2
     3/**
     4 * @group formatting
     5 */
     6class Tests_Formatting_FileName extends WP_UnitTestCase {
     7        /**
     8         * Check if it contains none-ASCII character or not.
     9         */
     10        function test_contains_ascii_chars() {
     11                $ascii_text = 'Welcome to WordPress.';
     12                $this->assertTrue( is_ascii_text( $ascii_text ) );
     13
     14                $none_ascii_text = 'WordPressへようこそ';
     15                $this->assertFalse( is_ascii_text( $none_ascii_text ) );
     16        }
     17}