
Ticket #9416: 9416.2.diff

File 9416.2.diff, 3.3 KB (added by sivel, 9 years ago)
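--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -2011,12 +2011,14 @@
  * @return string New filename, if given wasn't unique.
  */
 function wp_unique_filename( $dir, $filename, $unique_filename_callback = null ) {
-        $filename = strtolower( $filename );
+        // sanitize the file name before we begin processing
+        $filename = sanitize_file_name($filename);
+
         // separate the filename into a name and extension
         $info = pathinfo($filename);
         $ext = !empty($info['extension']) ? $info['extension'] : '';
         $name = basename($filename, ".{$ext}");
-
+       
         // edge case: if file is named '.ext', treat as an empty name
         if( $name === ".$ext" )
                 $name = '';
@@ -2028,12 +2030,8 @@
                 $number = '';
 
                 if ( !empty( $ext ) )
-                        $ext = strtolower( ".$ext" );
+                        $ext = ".$ext";
 
-                $filename = str_replace( $ext, '', $filename );
-                // Strip % so the server doesn't try to decode entities.
-                $filename = str_replace('%', '', sanitize_title_with_dashes( $filename ) ) . $ext;
-
                 while ( file_exists( $dir . "/$filename" ) ) {
                         if ( '' == "$number$ext" )
                                 $filename = $filename . ++$number . $ext;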
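Review bot: The second hunk drops the `str_replace('%', '', …)` step without a replacement: the `sanitize_file_name()` call added at the top of `wp_unique_filename()` relies on the character list in the formatting.php section of this patch, and that list has no `%` entry, so percent sequences such as `%20` now survive into the stored name. The removed comment gave the reason for stripping them (the server decoding the name), and nothing in the patch makes that reason go away. Either add `"%"` to `$special_chars` in `sanitize_file_name()` or keep `$filename = str_replace( '%', '', $filename );` directly after the sanitize call. The extension is also no longer lowercased here, so any later extension check presumably has to compare case-insensitively; that code, like the rest of the `while` loop, is outside the hunk.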
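--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -564,27 +564,27 @@
 }
 
 /**
- * Filters certain characters from the file name.
+ * Sanitizes a filename replacing whitespace with dashes
  *
- * Turns all strings to lowercase removing most characters except alphanumeric
- * with spaces, dashes and periods. All spaces and underscores are converted to
- * dashes. Multiple dashes are converted to a single dash. Finally, if the file
- * name ends with a dash, it is removed.
+ * Removes special characters that are illegal in filenames on certain
+ * operating systems and special characters requiring special escaping
+ * to manipulate at the command line. Replaces spaces and consecutive
+ * dashes with a single dash. Trim period, dash and underscore from beginning
+ * and end of filename.
  *
  * @since 2.1.0
  *
- * @param string $name The file name
- * @return string Sanitized file name
+ * @param string $filename The filename to be sanitized
+ * @return string The sanitized filename
  */
-function sanitize_file_name( $name ) { // Like sanitize_title, but with periods
-        $name = strtolower( $name );
-        $name = preg_replace('/&.+?;/', '', $name); // kill entities
-        $name = str_replace( '_', '-', $name );
-        $name = preg_replace('/[^a-z0-9\s-.]/', '', $name);
-        $name = preg_replace('/\s+/', '-', $name);
-        $name = preg_replace('|-+|', '-', $name);
-        $name = trim($name, '-');
-        return $name;
+function sanitize_file_name( $filename ) {
+        $filename_raw = $filename;
+        $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}");
+        $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
+        $filename = str_replace($special_chars, '', $filename);
+        $filename = preg_replace('(\s+|-+)', '-', $filename);
+        $filename = trim($filename, '.-_');
+        return apply_filters('sanitize_file_name', $filename, $filename_raw);
 }
 
 /**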
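Review bot: The rewritten `sanitize_file_name()` swaps the old allowlist (`[^a-z0-9\s-.]`) for a denylist, and the new `$special_chars` array has no entry for NUL or other control bytes, so those now pass through into a name that `wp_unique_filename()` hands to `file_exists()`. Adding `chr(0)` to `$special_chars`, or stripping control bytes after the whitespace replacement with `$filename = preg_replace( '/[\x00-\x1f\x7f]/', '', $filename );`, closes that gap while keeping the denylist approach. Separately, `'(\s+|-+)'` replaces each run on its own, so `a - b` becomes `a---b` rather than the single dash the docblock promises; `'/[\s-]+/'` collapses mixed runs. The docblock should also state that the result can be an empty string when every character is stripped or trimmed, since callers need to handle that case.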