Make WordPress Core

Changeset 35122


Ignore:
Timestamp:
10/13/2015 03:21:13 AM (8 years ago)
Author:
wonderboymusic
Message:

Fotmatting: in sanitize_file_name(), escape % when uploads contain them, otherwise attachment URLs will unescape the char and break.

Adds unit tests.

Props mordauk, simonwheatley, dd32, solarissmoke.
Fixes #16226.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/formatting.php

    r34920 r35122  
    13691369function sanitize_file_name( $filename ) {
    13701370    $filename_raw = $filename;
    1371     $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
     1371    $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", "%", "+", chr(0));
    13721372    /**
    13731373     * Filter the list of characters to remove from a filename.
  • trunk/tests/phpunit/tests/formatting/SanitizeFileName.php

    r29290 r35122  
    1212
    1313    function test_removes_special_chars() {
    14         $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
     14        $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", "%", "+", chr(0));
    1515        $string = 'test';
    1616        foreach ( $special_chars as $char )
     
    2727    function test_replace_spaces() {
    2828        $urls = array(
    29             'unencoded space.png'   => 'unencoded-space.png',
    30             'encoded%20space.jpg'  => 'encoded-space.jpg',
    31             'plus+space.jpg'        => 'plus-space.jpg',
    32             'multi %20 +space.png'   => 'multi-space.png',
     29            'unencoded space.png' => 'unencoded-space.png',
     30            'encoded-space.jpg' => 'encoded-space.jpg',
     31            'plus+space.jpg' => 'plusspace.jpg',
     32            'multi %20 +space.png' => 'multi-20-space.png',
    3333        );
    3434
     
    5050        $this->assertEquals("a-t", sanitize_file_name("a    \n\n\nt"));
    5151    }
     52
     53    /**
     54     * @ticket 16226
     55     */
     56    function test_replaces_percent_sign() {
     57        $this->assertEquals( 'a22b.jpg', sanitize_file_name( 'a%22b.jpg' ) );
     58    }
    5259}
Note: See TracChangeset for help on using the changeset viewer.