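// Bug 5998 Add: Prevent invalid Unicode characters
//
// Byte-level allow-list. Each alternative below matches exactly one permitted
// unit: tab/LF/CR/printable ASCII, or one well-formed multi-byte UTF-8
// sequence. Stripping every match from a value leaves only the bytes that are
// NOT permitted, so a non-empty remainder means the value is rejected.
//
// The pattern is double-quoted, so PHP expands the \xNN escapes into raw bytes
// before PCRE compiles it. It therefore has to run in byte mode: do not add
// the /u modifier to this pattern.
//
// This is encoding validation only. Printable ASCII such as < > " ' is
// accepted, so these values still need context-specific escaping on output.
// Of the Unicode noncharacters only U+FFFE and U+FFFF are excluded; the
// planes 1-16 alternatives accept their full continuation-byte ranges.
$re = "/" .
	"[\x09\x0A\x0D\x20-\x7E]" .          // ASCII: tab, LF, CR, printable (other C0 controls and DEL are rejected)
	"|[\xC2-\xDF][\x80-\xBF]" .          // non-overlong 2-byte
	"|\xE0[\xA0-\xBF][\x80-\xBF]" .      // 3-byte, excluding overlongs
	"|[\xE1-\xEC\xEE][\x80-\xBF]{2}" .   // straight 3-byte
	"|\xEF[\x80-\xBE][\x80-\xBF]" .      // U+F000..U+FFBF
	"|\xEF\xBF[\x80-\xBD]" .             // U+FFC0..U+FFFD, i.e. exclude U+FFFE and U+FFFF
	"|\xED[\x80-\x9F][\x80-\xBF]" .      // excluding surrogates
	"|\xF0[\x90-\xBF][\x80-\xBF]{2}" .   // planes 1-3
	"|[\xF1-\xF3][\x80-\xBF]{3}" .       // planes 4-15
	"|\xF4[\x80-\x8F][\x80-\xBF]{2}" .   // plane 16
	"/";

// Value to validate paired with the message shown when it is rejected.
// The messages stay as literals inside __() so string extraction still finds
// them; the order (name, mail, URL, comment) is the order of the checks.
$unicode_checks = array(
	array( $comment_author, __('Sorry, I cannot let you post that. You have entered invalid Unicode characters in your Name that could break my site') ),
	array( $comment_author_email, __('Sorry, I cannot let you post that. You have entered invalid Unicode characters in your Mail Address that could break my site') ),
	array( $comment_author_url, __('Sorry, I cannot let you post that. You have entered invalid Unicode characters in your Website URL that could break my site') ),
	array( $comment_content, __('Sorry, I cannot let you post that. You have entered invalid Unicode characters in your Comment that could break my site') ),
);

foreach ( $unicode_checks as $unicode_check ) {
	$bad_unicode = preg_replace($re, "", $unicode_check[0]);

	// Fail closed. preg_replace() returns null on a PCRE error and an array
	// for an array subject; the previous strlen(...) != 0 test treated a null
	// result as "nothing bad left" and let the value through unvalidated.
	if ( ! is_string($bad_unicode) || $bad_unicode !== '' ) {
		wp_die( $unicode_check[1] );
	}
}

// Do not leave the helper variables behind for the code that follows.
unset($unicode_checks, $unicode_check);
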