WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/29/2020 04:06:55 PM (15 months ago)
Author:
whyisjake
Message:

Customize: Add additional filters to Customizer to prevent JSON corruption.
User: Invalidate user_activation_key on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Block Editor: Coding standards, properly escape class names.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand sanitize_file_name to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47636], [47637], and [47638] to the 5.1 branch.

Props: aduth, batmoo, ehti, ellatrix, jorgefilipecosta, nickdaugherty, noisysocks, pento, peterwilsoncc, sergeybiryukov, sstoqnov, talldanwp, westi, westonruter, whyisjake, whyisjake, xknown.

Location:
branches/5.1
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.1

  • branches/5.1/src/wp-includes/formatting.php

    r46919 r47646  
    19991999    $filename_raw  = $filename;
    20002000    $special_chars = array( '?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}', '%', '+', chr( 0 ) );
     2001
     2002    // Check for support for utf8 in the installed PCRE library once and store the result in a static.
     2003    static $utf8_pcre = null;
     2004    if ( ! isset( $utf8_pcre ) ) {
     2005        // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
     2006        $utf8_pcre = @preg_match( '/^./u', 'a' );
     2007    }
     2008
     2009    if ( ! seems_utf8( $filename ) ) {
     2010        $_ext     = pathinfo( $filename, PATHINFO_EXTENSION );
     2011        $_name    = pathinfo( $filename, PATHINFO_FILENAME );
     2012        $filename = sanitize_title_with_dashes( $_name ) . '.' . $_ext;
     2013    }
     2014
     2015    if ( $utf8_pcre ) {
     2016        $filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
     2017    }
     2018
    20012019    /**
    20022020     * Filters the list of characters to remove from a filename.
     
    20082026     */
    20092027    $special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );
    2010     $filename      = preg_replace( "#\x{00a0}#siu", ' ', $filename );
    20112028    $filename      = str_replace( $special_chars, '', $filename );
    20122029    $filename      = str_replace( array( '%20', '+' ), '-', $filename );
Note: See TracChangeset for help on using the changeset viewer.