WordPress.org

Make WordPress Core

Changeset 48596


Ignore:
Timestamp:
07/24/2020 12:57:26 AM (14 months ago)
Author:
SergeyBiryukov
Message:

Media: Filter out a few more special characters in sanitize_file_name().

Props audrasjb.
Fixes #50231.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/formatting.php

    r48593 r48596  
    19861986function sanitize_file_name( $filename ) {
    19871987    $filename_raw  = $filename;
    1988     $special_chars = array( '?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}', '%', '+', chr( 0 ) );
     1988    $special_chars = array( '?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}', '%', '+', '’', '«', '»', '”', '“', chr( 0 ) );
    19891989
    19901990    // Check for support for utf8 in the installed PCRE library once and store the result in a static.
  • trunk/tests/phpunit/tests/formatting/SanitizeFileName.php

    r47664 r48596  
    1212
    1313    function test_removes_special_chars() {
    14         $special_chars = array( '?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}', '%', '+', chr( 0 ) );
     14        $special_chars = array( '?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}', '%', '+', '’', '«', '»', '”', '“', chr( 0 ) );
    1515        $string        = 'test';
    1616        foreach ( $special_chars as $char ) {
Note: See TracChangeset for help on using the changeset viewer.