Ticket #9591: 9591.diff

File 9591.diff, 5.5 KB (added by scribu, 4 years ago)

separate contexts for sanitize_title()

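--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -1402,14 +1402,14 @@
                         if ( !is_array($qv['tag_slug__in']) || empty($qv['tag_slug__in']) ) {
                                 $qv['tag_slug__in'] = array();
                         } else {
-                                $qv['tag_slug__in'] = array_map('sanitize_title', $qv['tag_slug__in']);
+                                $qv['tag_slug__in'] = array_map('sanitize_title_for_query', $qv['tag_slug__in']);
                                 $this->is_tag = true;
                         }
 
                         if ( !is_array($qv['tag_slug__and']) || empty($qv['tag_slug__and']) ) {
                                 $qv['tag_slug__and'] = array();
                         } else {
-                                $qv['tag_slug__and'] = array_map('sanitize_title', $qv['tag_slug__and']);
+                                $qv['tag_slug__and'] = array_map('sanitize_title_for_query', $qv['tag_slug__and']);
                                 $this->is_tag = true;
                         }
 
@@ -1707,7 +1707,7 @@
                         $where .= " AND DAYOFMONTH($wpdb->posts.post_date)='" . $q['day'] . "'";
 
                 if ('' != $q['name']) {
-                        $q['name'] = sanitize_title($q['name']);
+                        $q['name'] = sanitize_title_for_query($q['name']);
                         $where .= " AND $wpdb->posts.post_name = '" . $q['name'] . "'";
                 } else if ('' != $q['pagename']) {
                         if ( isset($this->queried_object_id) )
@@ -1724,7 +1724,7 @@
                         if  ( ('page' != get_option('show_on_front') ) ||  empty($page_for_posts) || ( $reqpage != $page_for_posts ) ) {
                                 $q['pagename'] = str_replace('%2F', '/', urlencode(urldecode($q['pagename'])));
                                 $page_paths = '/' . trim($q['pagename'], '/');
-                                $q['pagename'] = sanitize_title(basename($page_paths));
+                                $q['pagename'] = sanitize_title_for_query(basename($page_paths));
                                 $q['name'] = $q['pagename'];
                                 $where .= " AND ($wpdb->posts.ID = '$reqpage')";
                                 $reqpage_obj = get_page($reqpage);
@@ -1737,7 +1737,7 @@
                 } elseif ('' != $q['attachment']) {
                         $q['attachment'] = str_replace('%2F', '/', urlencode(urldecode($q['attachment'])));
                         $attach_paths = '/' . trim($q['attachment'], '/');
-                        $q['attachment'] = sanitize_title(basename($attach_paths));
+                        $q['attachment'] = sanitize_title_for_query(basename($attach_paths));
                         $q['name'] = $q['attachment'];
                         $where .= " AND $wpdb->posts.post_name = '" . $q['attachment'] . "'";
                 }
@@ -1844,18 +1844,18 @@
 
                 // Category stuff for nice URLs
                 if ( '' != $q['category_name'] && !$this->is_singular ) {
-                        $q['category_name'] = implode('/', array_map('sanitize_title', explode('/', $q['category_name'])));
+                        $q['category_name'] = implode('/', array_map('sanitize_title_for_query', explode('/', $q['category_name'])));
                         $reqcat = get_category_by_path($q['category_name']);
                         $q['category_name'] = str_replace('%2F', '/', urlencode(urldecode($q['category_name'])));
                         $cat_paths = '/' . trim($q['category_name'], '/');
-                        $q['category_name'] = sanitize_title(basename($cat_paths));
+                        $q['category_name'] = sanitize_title_for_query(basename($cat_paths));
 
                         $cat_paths = '/' . trim(urldecode($q['category_name']), '/');
-                        $q['category_name'] = sanitize_title(basename($cat_paths));
+                        $q['category_name'] = sanitize_title_for_query(basename($cat_paths));
                         $cat_paths = explode('/', $cat_paths);
                         $cat_path = '';
                         foreach ( (array) $cat_paths as $pathdir )
-                                $cat_path .= ( $pathdir != '' ? '/' : '' ) . sanitize_title($pathdir);
+                                $cat_path .= ( $pathdir != '' ? '/' : '' ) . sanitize_title_for_query($pathdir);
 
                         //if we don't match the entire hierarchy fallback on just matching the nicename
                         if ( empty($reqcat) )
@@ -2027,7 +2027,7 @@
                                         $q['author_name'] = $q['author_name'][count($q['author_name'])-2];#there was a trailling slash
                                 }
                         }
-                        $q['author_name'] = sanitize_title($q['author_name']);
+                        $q['author_name'] = sanitize_title_for_query($q['author_name']);
                         $q['author'] = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_nicename='".$q['author_name']."'");
                         $q['author'] = get_user_by('slug', $q['author_name']);
                         if ( $q['author'] )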
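Review bot: Several of the values switched to `sanitize_title_for_query()` here are concatenated into SQL a line or two later (`post_name = '" . $q['name'] . "'`, the attachment clause, the `user_nicename` lookup), so the only thing between request input and the query text is whatever the `sanitize_title` filter chain returns for the new 'query' context. That context skips `remove_accents()`, so the strings reaching these clauses appear to be less reduced than before, and their safety rests on hooked callbacks that a plugin can remove or replace. I would bind the values instead, e.g. `$where .= $wpdb->prepare(" AND $wpdb->posts.post_name = %s", $q['name']);`, and likewise for the attachment clause. The raw `$wpdb->get_var()` lookup in the last hunk is overwritten by `get_user_by('slug', ...)` on the next line and could simply be dropped. The enclosing method starts and ends outside these hunks.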
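--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -628,6 +628,7 @@
                 chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
                 chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
                 chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
+                chr(200).chr(153) => 's', chr(200).chr(155) => 't',
                 // Euro Sign
                 chr(226).chr(130).chr(172) => 'E',
                 // GBP (Pound) Sign
@@ -761,19 +762,27 @@
  *
  * @param string $title The string to be sanitized.
  * @param string $fallback_title Optional. A title to use if $title is empty.
+ * @param string $context Optional. The operation for which the string is sanitized
  * @return string The sanitized string.
  */
-function sanitize_title($title, $fallback_title = '') {
+function sanitize_title($title, $fallback_title = '', $context = 'save') {
         $raw_title = $title;
-        $title = strip_tags($title);
-        $title = apply_filters('sanitize_title', $title, $raw_title);
 
+        if ( 'save' == $context )
+                $title = remove_accents($title);
+
+        $title = apply_filters('sanitize_title', $title, $raw_title, $context);
+
         if ( '' === $title || false === $title )
                 $title = $fallback_title;
 
         return $title;
 }
 
+function sanitize_title_for_query($title) {
+        return sanitize_title($title, '', 'query');
+}
+
 /**
  * Sanitizes title, replacing whitespace with dashes.
  *
@@ -794,7 +803,6 @@
         // Restore octets.
         $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
 
-        $title = remove_accents($title);
         if (seems_utf8($title)) {
                 if (function_exists('mb_strtolower')) {
                         $title = mb_strtolower($title, 'UTF-8');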
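Review bot: After this change `sanitize_title()` does nothing to the string itself in the 'query' context: the `strip_tags()` call is removed and `remove_accents()` runs only for 'save', so the result is whatever the callbacks on the `sanitize_title` filter return. `sanitize_title_for_query()` is added without a docblock, and its name suggests a value that is safe to place in a query, which the visible code does not guarantee. I would document that on the new function, for example `Sanitizes a title for lookups without removing accents; the result is not SQL-escaped and must be bound with $wpdb->prepare().`, and list the accepted `$context` values ('save', 'query') in the existing docblock, since any other string silently behaves like 'query'. Callbacks registered for two arguments will not see `$context`, and whether the default callback still strips tags is not visible in these hunks.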