WordPress.org

Make WordPress Core

Ticket #51732: 51732.patch

File 51732.patch, 8.5 KB (added by prfidneai, 11 months ago)

Patch

  • wp-includes/formatting.php

    IDEA additional info:
    Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
    <+>UTF-8
     
    20922092 * @param bool   $strict   Optional. If set limits $username to specific characters.
    20932093 *                         Default false.
    20942094 * @return string The sanitized username, after passing through filters.
     2095 *
     2096 *
     2097 * changed 09.11.2020 by prfidneai
     2098 * to work with unicode usernames
     2099 * uses WP_IDN_USERNAME_REGEX && WP_IDN_STRICT_USERNAME_REGEX to check unicode username rules (current: latin + cyrillic)
    20952100 */
     2101
     2102
    20962103function sanitize_user( $username, $strict = false ) {
    2097         $raw_username = $username;
     2104    $raw_username = $username;
    20982105        $username     = wp_strip_all_tags( $username );
    20992106        $username     = remove_accents( $username );
    21002107        // Kill octets.
    2101         $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
     2108    // prfidneai -  regex changed
     2109    $username = preg_replace( WP_IDN_USERNAME_REGEX, '', $username );
    21022110        // Kill entities.
    21032111        $username = preg_replace( '/&.+?;/', '', $username );
    21042112
    21052113        // If strict, reduce to ASCII for max portability.
    2106         if ( $strict ) {
    2107                 $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
    2108         }
    2109 
     2114    // prfidneai -  regex changed
     2115    if ( $strict ) {
     2116        $username = preg_replace( WP_IDN_STRICT_USERNAME_REGEX, '', $username );
     2117    }
    21102118        $username = trim( $username );
    21112119        // Consolidate contiguous whitespace.
    21122120        $username = preg_replace( '|\s+|', ' ', $username );
     
    34003408 * @param string $email      Email address to verify.
    34013409 * @param bool   $deprecated Deprecated.
    34023410 * @return string|false Valid email address on success, false on failure.
     3411 *
     3412 * changed 09.11.2020 by prfidneai to work with EAI-mails
     3413 * uses WP_IDN_DOMAIN_REGEX for domain name regex (current: latin + Russian)
     3414 * uses WP_IDN_LOCAL_MAIL_REGEX for local part regex (current: latin + Russian)
    34033415 */
     3416
    34043417function is_email( $email, $deprecated = false ) {
    3405         if ( ! empty( $deprecated ) ) {
     3418    if ( ! empty( $deprecated ) ) {
    34063419                _deprecated_argument( __FUNCTION__, '3.0.0' );
    34073420        }
    34083421
     
    34353448
    34363449        // LOCAL PART
    34373450        // Test for invalid characters.
    3438         if ( ! preg_match( '/^[a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]+$/', $local ) ) {
    3439                 /** This filter is documented in wp-includes/formatting.php */
    3440                 return apply_filters( 'is_email', false, $email, 'local_invalid_chars' );
    3441         }
     3451    // prfideai - regex changed
     3452    if ( ! preg_match( '/^['.WP_IDN_LOCAL_MAIL_REGEX.']+$/u', $local ) ) {
     3453        /** This filter is documented in wp-includes/formatting.php */
     3454        return apply_filters( 'is_email', false, $email, 'local_invalid_chars' );
     3455    }
    34423456
    34433457        // DOMAIN PART
    34443458        // Test for sequences of periods.
     
    34713485                }
    34723486
    34733487                // Test for invalid characters.
    3474                 if ( ! preg_match( '/^[a-z0-9-]+$/i', $sub ) ) {
    3475                         /** This filter is documented in wp-includes/formatting.php */
    3476                         return apply_filters( 'is_email', false, $email, 'sub_invalid_chars' );
    3477                 }
     3488        // prfideai -  regex changed
     3489        if ( ! preg_match( '/^['.WP_IDN_DOMAIN_REGEX.']+$/u', $sub ) ) {
     3490            /** This filter is documented in wp-includes/formatting.php */
     3491            return apply_filters( 'is_email', false, $email, 'sub_invalid_chars' );
     3492        }
    34783493        }
    34793494
    34803495        // Congratulations, your email made it!
     
    36143629 *
    36153630 * @param string $email Email address to filter.
    36163631 * @return string Filtered email address.
     3632 *
     3633 * changed 09.11.2020 by prfidneai to work with EAI-mails
     3634 * uses WP_IDN_DOMAIN_REGEX for domain name regex (current: latin + Russian)
     3635 * uses WP_IDN_LOCAL_MAIL_REGEX for local part regex (current: latin + Russian)
     3636 *
    36173637 */
     3638
    36183639function sanitize_email( $email ) {
    3619         // Test for the minimum length the email can be.
     3640    // Test for the minimum length the email can be.
    36203641        if ( strlen( $email ) < 6 ) {
    36213642                /**
    36223643                 * Filters a sanitized email address.
     
    36453666
    36463667        // LOCAL PART
    36473668        // Test for invalid characters.
    3648         $local = preg_replace( '/[^a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]/', '', $local );
    3649         if ( '' === $local ) {
     3669    // prfidneai - regex changed
     3670    $local = preg_replace( '/[^'.WP_IDN_LOCAL_MAIL_REGEX.']/u', '', $local );
     3671    if ( '' === $local ) {
    36503672                /** This filter is documented in wp-includes/formatting.php */
    36513673                return apply_filters( 'sanitize_email', '', $email, 'local_invalid_chars' );
    36523674        }
     
    36843706                $sub = trim( $sub, " \t\n\r\0\x0B-" );
    36853707
    36863708                // Test for invalid characters.
    3687                 $sub = preg_replace( '/[^a-z0-9-]+/i', '', $sub );
     3709        // prfidneai - regex changed
     3710        $sub = preg_replace( '/[^'.WP_IDN_DOMAIN_REGEX.']+/u', '', $sub );
    36883711
    3689                 // If there's anything left, add it to the valid subs.
     3712        // If there's anything left, add it to the valid subs.
    36903713                if ( '' !== $sub ) {
    36913714                        $new_subs[] = $sub;
    36923715                }
     
    37003723
    37013724        // Join valid subs into the new domain.
    37023725        $domain = implode( '.', $new_subs );
    3703 
     3726    // prfidneai -  punycode check & decode in domain name added
     3727    $domain = decode_punycode($domain);
    37043728        // Put the email back together.
    37053729        $sanitized_email = $local . '@' . $domain;
    37063730
    37073731        // Congratulations, your email made it!
    37083732        /** This filter is documented in wp-includes/formatting.php */
    3709         return apply_filters( 'sanitize_email', $sanitized_email, $email, null );
     3733
     3734        return apply_filters( 'sanitize_email', $sanitized_email, $email, null );
    37103735}
    37113736
    37123737/**
     
    60406065
    60416066        return $color;
    60426067}
     6068
     6069/*
     6070prfidneai
     6071Check is the domain name contents punycode
     6072Used in decode_punycode() function
     6073*/
     6074
     6075function is_punycode($string){
     6076    if (!strpos($string,'xn--')){
     6077        return true;
     6078    } return false;
     6079}
     6080
     6081/*
     6082prfidneai
     6083Punycode domain to IDN (Unicode) converter
     6084*/
     6085
     6086function decode_punycode($string) {
     6087    $url_parts=array();
     6088    $pref='';
     6089    $path='';
     6090    if(preg_match("/(http[s]?:\/\/)(xn--[a-zA-Z-0-9\.]+)([\S]+)/iu", $string, $url_parts)>0){
     6091        $pref=$url_parts[1];
     6092        $string=$url_parts[2];
     6093        $path=$url_parts[3];
     6094    }
     6095    if (is_punycode($string)){
     6096        return $pref.idn_to_utf8($string, IDNA_DEFAULT).$path;
     6097    }
     6098    return $pref.$string.$path;
     6099}
  • wp-includes/default-constants.php

    IDEA additional info:
    Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
    <+>UTF-8
     
    1616 * @global string $wp_version The WordPress version string.
    1717 */
    1818function wp_initial_constants() {
    19         global $blog_id, $wp_version;
     19        global $blog_id;
    2020
    2121        /**#@+
    2222         * Constants for expressing human-readable data sizes in their respective number of bytes.
     
    9999        // Add define( 'SCRIPT_DEBUG', true ); to wp-config.php to enable loading of non-minified,
    100100        // non-concatenated scripts and stylesheets.
    101101        if ( ! defined( 'SCRIPT_DEBUG' ) ) {
    102                 if ( ! empty( $wp_version ) ) {
    103                         $develop_src = false !== strpos( $wp_version, '-src' );
     102                if ( ! empty( $GLOBALS['wp_version'] ) ) {
     103                        $develop_src = false !== strpos( $GLOBALS['wp_version'], '-src' );
    104104                } else {
    105105                        $develop_src = false;
    106106                }
     
    412412                define( 'WP_DEFAULT_THEME', 'twentytwentyone' );
    413413        }
    414414
     415
     416}
     417
     418// PRF project - IDN domains for regexp
     419
     420// IDN domain names rules (without dots).
     421// Using in sanitize_ functions
     422// These are for latin and Russian domain names.
     423// Can be extended to other scripts adding LGR to regex.
     424
     425
     426// Local e-mail part user@ check rules.
     427// Using in sanitize_email & is_email functions
     428// These are for latin and Russian scripts.
     429// Can be extended to others adding other allowed symbols to regex.
     430
     431if ( ! defined( 'WP_IDN_LOCAL_MAIL_REGEX' ) ) {
     432    define( 'WP_IDN_LOCAL_MAIL_REGEX', 'А-Яа-яa-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-' );
     433
    415434}
     435
     436if ( ! defined( 'WP_IDN_DOMAIN_REGEX' ) ) {
     437    define('WP_IDN_DOMAIN_REGEX', 'а-яa-z0-9-');
     438}
     439
     440// Usernames which use non latin scripts.
     441// Using in sanitize_user function
     442// These are for latin and Russian scripts.
     443// Can be extended to others adding allowed scripts to regex.
     444
     445if ( ! defined( 'WP_IDN_USERNAME_REGEX' ) ) {
     446    define( 'WP_IDN_USERNAME_REGEX', '|%([а-яА-Яa-fA-F0-9][а-яА-Яa-fA-F0-9])|u' );
     447}
     448
     449if ( ! defined( 'WP_IDN_STRICT_USERNAME_REGEX' ) ) {
     450    define( 'WP_IDN_STRICT_USERNAME_REGEX', '|[^а-яА-Яa-z0-9_.\-@]|iu');
     451}
     452 No newline at end of file