Make WordPress Core


Timestamp:
05/16/2023 03:21:39 PM (19 months ago)
Author:
audrasjb
Message:

Grouped backports to the 5.9 branch.

  • Media: Prevent CSRF setting attachment thumbnails.
  • Embeds: Add protocol validation for WordPress Embed code.
  • I18N: Introduce sanitization function for locale.
  • Editor: Ensure block comments are of a valid form.
  • Editor: Remove shortcode support from block templates.

Merges [55760-55764] to the 5.9 branch.
Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad.

File:
1 edited

  • branches/5.9/src/wp-includes/formatting.php

    r52464 r55774  
    24102410
    24112411/**
     2412 * Strips out all characters not allowed in a locale name.
     2413 *
     2414 * @since 6.2.1
     2415 *
     2416 * @param string $locale_name The locale name to be sanitized.
     2417 * @return string The sanitized value.
     2418 */
     2419function sanitize_locale_name( $locale_name ) {
     2420    // Limit to A-Z, a-z, 0-9, '_', '-'.
     2421    $sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $locale_name );
     2422
     2423    /**
     2424     * Filters a sanitized locale name string.
     2425     *
     2426     * @since 6.2.1
     2427     *
     2428     * @param string $sanitized   The sanitized locale name.
     2429     * @param string $locale_name The locale name before sanitization.
     2430     */
     2431    return apply_filters( 'sanitize_locale_name', $sanitized, $locale_name );
     2432}
     2433
     2434/**
    24122435 * Converts lone & characters into `&` (a.k.a. `&`)
    24132436 *
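
Review bot: The `return apply_filters( 'sanitize_locale_name', $sanitized, $locale_name );` at new line 2431 returns whatever the filter callback produces, so the A-Z, a-z, 0-9, '_', '-' allowlist enforced at line 2421 is not guaranteed for the value callers actually receive. Either re-apply the `preg_replace` to the filtered result before returning, or state in the filter docblock (lines 2423-2430) that callbacks must keep the value within that character set. Separately, `$locale_name` is passed to `preg_replace` without a type check: PHP returns an array for an array subject and null on a PCRE error, both of which contradict the documented `@return string`. A string guard or cast before line 2421 would make the docblock accurate.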