Make WordPress Core

Changeset 11178


Ignore:
Timestamp:
05/04/2009 08:20:48 PM (15 years ago)
Author:
ryan
Message:

sanitize_file_name() improvements. Props sivel. fixes #9416

Location:
trunk/wp-includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/formatting.php

    r11126 r11178  
    567567
    568568/**
    569  * Filters certain characters from the file name.
    570  *
    571  * Turns all strings to lowercase removing most characters except alphanumeric
    572  * with spaces, dashes and periods. All spaces and underscores are converted to
    573  * dashes. Multiple dashes are converted to a single dash. Finally, if the file
    574  * name ends with a dash, it is removed.
     569 * Sanitizes a filename replacing whitespace with dashes
     570 *
     571 * Removes special characters that are illegal in filenames on certain
     572 * operating systems and special characters requiring special escaping
     573 * to manipulate at the command line. Replaces spaces and consecutive
     574 * dashes with a single dash. Trim period, dash and underscore from beginning
     575 * and end of filename.
    575576 *
    576577 * @since 2.1.0
    577578 *
    578  * @param string $name The file name
    579  * @return string Sanitized file name
    580  */
    581 function sanitize_file_name( $name ) { // Like sanitize_title, but with periods
    582     $name = strtolower( $name );
    583     $name = preg_replace('/&.+?;/', '', $name); // kill entities
    584     $name = str_replace( '_', '-', $name );
    585     $name = preg_replace('/[^a-z0-9\s-.]/', '', $name);
    586     $name = preg_replace('/\s+/', '-', $name);
    587     $name = preg_replace('|-+|', '-', $name);
    588     $name = trim($name, '-');
    589     return $name;
     579 * @param string $filename The filename to be sanitized
     580 * @return string The sanitized filename
     581 */
     582function sanitize_file_name( $filename ) {
     583    $filename_raw = $filename;
     584    $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}");
     585    $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
     586    $filename = str_replace($special_chars, '', $filename);
     587    $filename = preg_replace('/[\s-]+/', '-', $filename);
     588    $filename = trim($filename, '.-_');
     589    return apply_filters('sanitize_file_name', $filename, $filename_raw);
    590590}
    591591
  • trunk/wp-includes/functions.php

    r11170 r11178  
    20142014 */
    20152015function wp_unique_filename( $dir, $filename, $unique_filename_callback = null ) {
    2016     $filename = strtolower( $filename );
     2016    // sanitize the file name before we begin processing
     2017    $filename = sanitize_file_name($filename);
     2018
    20172019    // separate the filename into a name and extension
    20182020    $info = pathinfo($filename);
    20192021    $ext = !empty($info['extension']) ? $info['extension'] : '';
    20202022    $name = basename($filename, ".{$ext}");
    2021 
     2023   
    20222024    // edge case: if file is named '.ext', treat as an empty name
    20232025    if( $name === ".$ext" )
     
    20312033
    20322034        if ( !empty( $ext ) )
    2033             $ext = strtolower( ".$ext" );
    2034 
    2035         $filename = str_replace( $ext, '', $filename );
    2036         // Strip % so the server doesn't try to decode entities.
    2037         $filename = str_replace('%', '', sanitize_title_with_dashes( $filename ) ) . $ext;
     2035            $ext = ".$ext";
    20382036
    20392037        while ( file_exists( $dir . "/$filename" ) ) {
Note: See TracChangeset for help on using the changeset viewer.