Ticket #9591: 9591.3.diff

wp-includes/taxonomy.php

@@ -534 +534 @@
                 case 'slug':
                 case 'name':
                         foreach ( $terms as $i => $term ) {
-                                $terms[$i] = sanitize_term_field('slug', $term, 0, $taxonomy, 'db');
+                                $terms[$i] = sanitize_title_for_query( $term );
                         }
                         $terms = array_filter($terms);
 

wp-includes/query.php

@@ -1465 +1465 @@
                                         );
 
                                         if ( $t->rewrite['hierarchical'] ) {
-                                                $q[$t->query_var] = basename($q[$t->query_var]);
+                                                $q[$t->query_var] = $this->_qv_basename($q[$t->query_var]);
                                         }
 
                                         $term = str_replace( ' ', '+', $q[$t->query_var] );
@@ -1784 +1784 @@
                 }
 
                 if ( '' != $q['name'] ) {
-                        $q['name'] = sanitize_title($q['name']);
+                        $q['name'] = sanitize_title_for_query( $q['name'] );
                         $where .= " AND $wpdb->posts.post_name = '" . $q['name'] . "'";
                 } elseif ( '' != $q['pagename'] ) {
                         if ( isset($this->queried_object_id) ) {
@@ -1812 +1812 @@
 
                         $page_for_posts = get_option('page_for_posts');
                         if  ( ('page' != get_option('show_on_front') ) || empty($page_for_posts) || ( $reqpage != $page_for_posts ) ) {
-                                $q['pagename'] = str_replace('%2F', '/', urlencode(urldecode($q['pagename'])));
-                                $page_paths = '/' . trim($q['pagename'], '/');
-                                $q['pagename'] = sanitize_title(basename($page_paths));
+                                $q['pagename'] = sanitize_title_for_query( $this->_qv_basename( $q['pagename'] ) );
                                 $q['name'] = $q['pagename'];
                                 $where .= " AND ($wpdb->posts.ID = '$reqpage')";
                                 $reqpage_obj = get_page($reqpage);
@@ -1826 +1824 @@
                                 }
                         }
                 } elseif ( '' != $q['attachment'] ) {
-                        $q['attachment'] = str_replace('%2F', '/', urlencode(urldecode($q['attachment'])));
-                        $attach_paths = '/' . trim($q['attachment'], '/');
-                        $q['attachment'] = sanitize_title(basename($attach_paths));
+                        $q['attachment'] = sanitize_title_for_query( $this->_qv_basename( $q['attachment'] ) );
                         $q['name'] = $q['attachment'];
                         $where .= " AND $wpdb->posts.post_name = '" . $q['attachment'] . "'";
                 }
@@ -1961 +1957 @@
                                         $q['author_name'] = $q['author_name'][count($q['author_name'])-2]; // there was a trailling slash
                                 }
                         }
-                        $q['author_name'] = sanitize_title($q['author_name']);
+                        $q['author_name'] = sanitize_title_for_query( $q['author_name'] );
                         $q['author'] = get_user_by('slug', $q['author_name']);
                         if ( $q['author'] )
                                 $q['author'] = $q['author']->ID;
@@ -3134 +3130 @@
         function is_404() {
                 return (bool) $this->is_404;
         }
+
+        /**
+         * i18n friendly way to get the last segment in a path
+         *
+         * @since 3.1.0
+         * @access private
+         *
+         * @param string $path The path
+         * @return string
+         */
+        function _qv_basename( $path ) {
+                return basename( str_replace( '%2F', '/', urlencode( urldecode( $path ) ) ) );
+        }
 }
 
 /**

wp-includes/formatting.php

@@ -628 +628 @@
                 chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
                 chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
                 chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
+                chr(200).chr(153) => 's', chr(200).chr(155) => 't',
                 // Euro Sign
                 chr(226).chr(130).chr(172) => 'E',
                 // GBP (Pound) Sign
@@ -783 +784 @@
  *
  * @param string $title The string to be sanitized.
  * @param string $fallback_title Optional. A title to use if $title is empty.
+ * @param string $context Optional. The operation for which the string is sanitized
  * @return string The sanitized string.
  */
-function sanitize_title($title, $fallback_title = '') {
+function sanitize_title($title, $fallback_title = '', $context = 'save') {
         $raw_title = $title;
-        $title = strip_tags($title);
-        $title = apply_filters('sanitize_title', $title, $raw_title);
 
+        if ( 'save' == $context )
+                $title = remove_accents($title);
+
+        $title = apply_filters('sanitize_title', $title, $raw_title, $context);
+
         if ( '' === $title || false === $title )
                 $title = $fallback_title;
 
         return $title;
 }
 
+function sanitize_title_for_query($title) {
+        return sanitize_title($title, '', 'query');
+}
+
 /**
  * Sanitizes title, replacing whitespace with dashes.
  *
@@ -816 +825 @@
         // Restore octets.
         $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
 
-        $title = remove_accents($title);
         if (seems_utf8($title)) {
                 if (function_exists('mb_strtolower')) {
                         $title = mb_strtolower($title, 'UTF-8');