Ticket #9591: 9591.diff

File 9591.diff, 5.5 KB (added by scribu, 11 years ago)

separate contexts for sanitize_title()

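--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -1402,14 +1402,14 @@
                         if ( !is_array($qv['tag_slug__in']) || empty($qv['tag_slug__in']) ) {
                                 $qv['tag_slug__in'] = array();
                         } else {
-                                $qv['tag_slug__in'] = array_map('sanitize_title', $qv['tag_slug__in']);
+                                $qv['tag_slug__in'] = array_map('sanitize_title_for_query', $qv['tag_slug__in']);
                                 $this->is_tag = true;
                         }
 
                         if ( !is_array($qv['tag_slug__and']) || empty($qv['tag_slug__and']) ) {
                                 $qv['tag_slug__and'] = array();
                         } else {
-                                $qv['tag_slug__and'] = array_map('sanitize_title', $qv['tag_slug__and']);
+                                $qv['tag_slug__and'] = array_map('sanitize_title_for_query', $qv['tag_slug__and']);
                                 $this->is_tag = true;
                         }
 
@@ -1707,7 +1707,7 @@
                         $where .= " AND DAYOFMONTH($wpdb->posts.post_date)='" . $q['day'] . "'";
 
                 if ('' != $q['name']) {
-                        $q['name'] = sanitize_title($q['name']);
+                        $q['name'] = sanitize_title_for_query($q['name']);
                         $where .= " AND $wpdb->posts.post_name = '" . $q['name'] . "'";
                 } else if ('' != $q['pagename']) {
                         if ( isset($this->queried_object_id) )
@@ -1724,7 +1724,7 @@
                         if  ( ('page' != get_option('show_on_front') ) ||  empty($page_for_posts) || ( $reqpage != $page_for_posts ) ) {
                                 $q['pagename'] = str_replace('%2F', '/', urlencode(urldecode($q['pagename'])));
                                 $page_paths = '/' . trim($q['pagename'], '/');
-                                $q['pagename'] = sanitize_title(basename($page_paths));
+                                $q['pagename'] = sanitize_title_for_query(basename($page_paths));
                                 $q['name'] = $q['pagename'];
                                 $where .= " AND ($wpdb->posts.ID = '$reqpage')";
                                 $reqpage_obj = get_page($reqpage);
@@ -1737,7 +1737,7 @@
                 } elseif ('' != $q['attachment']) {
                         $q['attachment'] = str_replace('%2F', '/', urlencode(urldecode($q['attachment'])));
                         $attach_paths = '/' . trim($q['attachment'], '/');
-                        $q['attachment'] = sanitize_title(basename($attach_paths));
+                        $q['attachment'] = sanitize_title_for_query(basename($attach_paths));
                         $q['name'] = $q['attachment'];
                         $where .= " AND $wpdb->posts.post_name = '" . $q['attachment'] . "'";
                 }
@@ -1844,18 +1844,18 @@
 
                 // Category stuff for nice URLs
                 if ( '' != $q['category_name'] && !$this->is_singular ) {
-                        $q['category_name'] = implode('/', array_map('sanitize_title', explode('/', $q['category_name'])));
+                        $q['category_name'] = implode('/', array_map('sanitize_title_for_query', explode('/', $q['category_name'])));
                         $reqcat = get_category_by_path($q['category_name']);
                         $q['category_name'] = str_replace('%2F', '/', urlencode(urldecode($q['category_name'])));
                         $cat_paths = '/' . trim($q['category_name'], '/');
-                        $q['category_name'] = sanitize_title(basename($cat_paths));
+                        $q['category_name'] = sanitize_title_for_query(basename($cat_paths));
 
                         $cat_paths = '/' . trim(urldecode($q['category_name']), '/');
-                        $q['category_name'] = sanitize_title(basename($cat_paths));
+                        $q['category_name'] = sanitize_title_for_query(basename($cat_paths));
                         $cat_paths = explode('/', $cat_paths);
                         $cat_path = '';
                         foreach ( (array) $cat_paths as $pathdir )
-                                $cat_path .= ( $pathdir != '' ? '/' : '' ) . sanitize_title($pathdir);
+                                $cat_path .= ( $pathdir != '' ? '/' : '' ) . sanitize_title_for_query($pathdir);
 
                         //if we don't match the entire hierarchy fallback on just matching the nicename
                         if ( empty($reqcat) )
@@ -2027,7 +2027,7 @@
                                         $q['author_name'] = $q['author_name'][count($q['author_name'])-2];#there was a trailling slash
                                 }
                         }
-                        $q['author_name'] = sanitize_title($q['author_name']);
+                        $q['author_name'] = sanitize_title_for_query($q['author_name']);
                         $q['author'] = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_nicename='".$q['author_name']."'");
                         $q['author'] = get_user_by('slug', $q['author_name']);
                         if ( $q['author'] )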
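Review bot: The output of `sanitize_title_for_query()` is still concatenated directly into SQL, for example `post_name = '" . $q['name'] . "'` and the `user_nicename='".$q['author_name']."'` lookup, so quoting safety rests entirely on whatever callbacks are hooked to the `sanitize_title` filter for the 'query' context. If that filter chain is removed or replaced by a plugin, what are presumably request-derived query vars reach the statement unescaped. I would bind the values instead, e.g. `$where .= $wpdb->prepare(" AND $wpdb->posts.post_name = %s", $q['name']);`, and do the same for the attachment and author lookups. The `$wpdb->get_var()` result assigned to `$q['author']` is also overwritten by `get_user_by()` on the next line, so that query looks redundant. The enclosing function starts and ends outside these hunks.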
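--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -628,6 +628,7 @@
                 chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
                 chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
                 chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
+                chr(200).chr(153) => 's', chr(200).chr(155) => 't',
                 // Euro Sign
                 chr(226).chr(130).chr(172) => 'E',
                 // GBP (Pound) Sign
@@ -761,19 +762,27 @@
  *
  * @param string $title The string to be sanitized.
  * @param string $fallback_title Optional. A title to use if $title is empty.
+ * @param string $context Optional. The operation for which the string is sanitized
  * @return string The sanitized string.
  */
-function sanitize_title($title, $fallback_title = '') {
+function sanitize_title($title, $fallback_title = '', $context = 'save') {
         $raw_title = $title;
-        $title = strip_tags($title);
-        $title = apply_filters('sanitize_title', $title, $raw_title);
 
+        if ( 'save' == $context )
+                $title = remove_accents($title);
+
+        $title = apply_filters('sanitize_title', $title, $raw_title, $context);
+
         if ( '' === $title || false === $title )
                 $title = $fallback_title;
 
         return $title;
 }
 
+function sanitize_title_for_query($title) {
+        return sanitize_title($title, '', 'query');
+}
+
 /**
  * Sanitizes title, replacing whitespace with dashes.
  *
@@ -794,7 +803,6 @@
         // Restore octets.
         $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
 
-        $title = remove_accents($title);
         if (seems_utf8($title)) {
                 if (function_exists('mb_strtolower')) {
                         $title = mb_strtolower($title, 'UTF-8');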
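Review bot: The new `sanitize_title()` no longer calls `strip_tags($title)` itself, so tag stripping now depends on the callbacks hooked to the `sanitize_title` filter; on a site where that filter has been unhooked the caller gets the raw string back. I would keep `$title = strip_tags($title);` ahead of the `if ( 'save' == $context )` branch unless the default callback is guaranteed to do it, which is not visible in these hunks. `sanitize_title_for_query()` is added without a docblock, and the new `@param $context` line should list the accepted values, e.g. `@param string $context Optional. 'save' (default) or 'query'.`. The comparison would also be safer as `'save' === $context`, matching the strict checks on `$title` a few lines below.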