Changeset 55346 for trunk/src/wp-includes/formatting.php
- Timestamp:
- 02/15/2023 01:04:06 PM (19 months ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/formatting.php
r55289 r55346 2112 2112 * Sanitizes a username, stripping out unsafe characters. 2113 2113 * 2114 * Removes tags, octets, entities, and if strict is enabled, will only keep2115 * alphanumeric, _, space, ., -, @. After sanitizing, it passes the username,2116 * raw username (the username in the parameter), and the value of $strict as 2117 * parametersfor the {@see 'sanitize_user'} filter.2114 * Removes tags, percent-encoded characters, HTML entities, and if strict is enabled, 2115 * will only keep alphanumeric, _, space, ., -, @. After sanitizing, it passes the username, 2116 * raw username (the username in the parameter), and the value of $strict as parameters 2117 * for the {@see 'sanitize_user'} filter. 2118 2118 * 2119 2119 * @since 2.0.0 2120 2120 * 2121 2121 * @param string $username The username to be sanitized. 2122 * @param bool $strict Optional. If set limits $username to specific characters.2122 * @param bool $strict Optional. If set to true, limits $username to specific characters. 2123 2123 * Default false. 2124 2124 * @return string The sanitized username, after passing through filters. … … 2128 2128 $username = wp_strip_all_tags( $username ); 2129 2129 $username = remove_accents( $username ); 2130 // Kill octets.2130 // Remove percent-encoded characters. 2131 2131 $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username ); 2132 // Killentities.2132 // Remove HTML entities. 2133 2133 $username = preg_replace( '/&.+?;/', '', $username ); 2134 2134 … … 2365 2365 } 2366 2366 2367 // Killentities.2367 // Remove HTML entities. 2368 2368 $title = preg_replace( '/&.+?;/', '', $title ); 2369 2369 $title = str_replace( '.', '-', $title ); … … 2413 2413 */ 2414 2414 function sanitize_html_class( $classname, $fallback = '' ) { 2415 // Strip out any %-encoded octets.2415 // Strip out any percent-encoded characters. 2416 2416 $sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $classname ); 2417 2417 … … 5451 5451 * - Strips all tags 5452 5452 * - Removes line breaks, tabs, and extra whitespace 5453 * - Strips octets5453 * - Strips percent-encoded characters 5454 5454 * 5455 5455 * @since 2.9.0 … … 5528 5528 $filtered = wp_strip_all_tags( $filtered, false ); 5529 5529 5530 // Use HTML entities in a special case to make sure no later 5531 // newline stripping stage could lead to a functional tag. 5530 /* 5531 * Use HTML entities in a special case to make sure that 5532 * later newline stripping stages cannot lead to a functional tag. 5533 */ 5532 5534 $filtered = str_replace( "<\n", "<\n", $filtered ); 5533 5535 } … … 5538 5540 $filtered = trim( $filtered ); 5539 5541 5542 // Remove percent-encoded characters. 5540 5543 $found = false; 5541 5544 while ( preg_match( '/%[a-f0-9]{2}/i', $filtered, $match ) ) { … … 5545 5548 5546 5549 if ( $found ) { 5547 // Strip out the whitespace that may now exist after removing the octets.5550 // Strip out the whitespace that may now exist after removing percent-encoded characters. 5548 5551 $filtered = trim( preg_replace( '/ +/', ' ', $filtered ) ); 5549 5552 }
Note: See TracChangeset
for help on using the changeset viewer.