WordPress.org

Make WordPress Core

Ticket #9591: 9591.4.diff

File 9591.4.diff, 3.8 KB (added by scribu, 8 years ago)

refresh

  • wp-includes/taxonomy.php

     
    534534                case 'slug':
    535535                case 'name':
    536536                        foreach ( $terms as $i => $term ) {
    537                                 $terms[$i] = sanitize_term_field('slug', $term, 0, $taxonomy, 'db');
     537                                $terms[$i] = sanitize_title_for_query( $term );
    538538                        }
    539539                        $terms = array_filter($terms);
    540540
  • wp-includes/query.php

     
    17841784                }
    17851785
    17861786                if ( '' != $q['name'] ) {
    1787                         $q['name'] = sanitize_title( $q['name'] );
     1787                        $q['name'] = sanitize_title_for_query( $q['name'] );
    17881788                        $where .= " AND $wpdb->posts.post_name = '" . $q['name'] . "'";
    17891789                } elseif ( '' != $q['pagename'] ) {
    17901790                        if ( isset($this->queried_object_id) ) {
     
    18121812
    18131813                        $page_for_posts = get_option('page_for_posts');
    18141814                        if  ( ('page' != get_option('show_on_front') ) || empty($page_for_posts) || ( $reqpage != $page_for_posts ) ) {
    1815                                 $q['pagename'] = sanitize_title( $this->_qv_basename( $q['pagename'] ) );
     1815                                $q['pagename'] = sanitize_title_for_query( $this->_qv_basename( $q['pagename'] ) );
    18161816                                $q['name'] = $q['pagename'];
    18171817                                $where .= " AND ($wpdb->posts.ID = '$reqpage')";
    18181818                                $reqpage_obj = get_page($reqpage);
     
    18241824                                }
    18251825                        }
    18261826                } elseif ( '' != $q['attachment'] ) {
    1827                         $q['attachment'] = sanitize_title( $this->_qv_basename( $q['attachment'] ) );
     1827                        $q['attachment'] = sanitize_title_for_query( $this->_qv_basename( $q['attachment'] ) );
    18281828                        $q['name'] = $q['attachment'];
    18291829                        $where .= " AND $wpdb->posts.post_name = '" . $q['attachment'] . "'";
    18301830                }
     
    19571957                                        $q['author_name'] = $q['author_name'][count($q['author_name'])-2]; // there was a trailling slash
    19581958                                }
    19591959                        }
    1960                         $q['author_name'] = sanitize_title( $q['author_name'] );
     1960                        $q['author_name'] = sanitize_title_for_query( $q['author_name'] );
    19611961                        $q['author'] = get_user_by('slug', $q['author_name']);
    19621962                        if ( $q['author'] )
    19631963                                $q['author'] = $q['author']->ID;
  • wp-includes/formatting.php

     
    628628                chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
    629629                chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
    630630                chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
     631                chr(200).chr(153) => 's', chr(200).chr(155) => 't',
    631632                // Euro Sign
    632633                chr(226).chr(130).chr(172) => 'E',
    633634                // GBP (Pound) Sign
     
    783784 *
    784785 * @param string $title The string to be sanitized.
    785786 * @param string $fallback_title Optional. A title to use if $title is empty.
     787 * @param string $context Optional. The operation for which the string is sanitized
    786788 * @return string The sanitized string.
    787789 */
    788 function sanitize_title($title, $fallback_title = '') {
     790function sanitize_title($title, $fallback_title = '', $context = 'save') {
    789791        $raw_title = $title;
    790         $title = strip_tags($title);
    791         $title = apply_filters('sanitize_title', $title, $raw_title);
    792792
     793        if ( 'save' == $context )
     794                $title = remove_accents($title);
     795
     796        $title = apply_filters('sanitize_title', $title, $raw_title, $context);
     797
    793798        if ( '' === $title || false === $title )
    794799                $title = $fallback_title;
    795800
    796801        return $title;
    797802}
    798803
     804function sanitize_title_for_query($title) {
     805        return sanitize_title($title, '', 'query');
     806}
     807
    799808/**
    800809 * Sanitizes title, replacing whitespace with dashes.
    801810 *
     
    816825        // Restore octets.
    817826        $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
    818827
    819         $title = remove_accents($title);
    820828        if (seems_utf8($title)) {
    821829                if (function_exists('mb_strtolower')) {
    822830                        $title = mb_strtolower($title, 'UTF-8');