Changeset 55791 for branches/5.0/src/wp-includes/formatting.php

Timestamp:

05/16/2023 04:02:16 PM (3 years ago)

Author:

SergeyBiryukov

Message:

Grouped backports to the 5.0 branch.

• Media: Prevent CSRF setting attachment thumbnails.
• Embeds: Add protocol validation for WordPress Embed code.
• I18N: Introduce sanitization function for locale.
• Editor: Ensure block comments are of a valid form.

Merges [55760-55764] to the 5.0 branch
Props dd32, isabel_brison, martinkrcho, matveb, ocean90, paulkevan, peterwilsoncc, timothyblynjacobs, xknown, youknowriad.

File:

• branches/5.0/src/wp-includes/formatting.php (modified) (1 diff)

branches/5.0/src/wp-includes/formatting.php

@@ -2114 +2114 @@
      */
     return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback );
+}
+
+/**
+ * Strips out all characters not allowed in a locale name.
+ *
+ * @since 6.2.1
+ *
+ * @param string $locale_name The locale name to be sanitized.
+ * @return string The sanitized value.
+ */
+function sanitize_locale_name( $locale_name ) {
+    // Limit to A-Z, a-z, 0-9, '_', '-'.
+    $sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $locale_name );
+
+    /**
+     * Filters a sanitized locale name string.
+     *
+     * @since 6.2.1
+     *
+     * @param string $sanitized   The sanitized locale name.
+     * @param string $locale_name The locale name before sanitization.
+     */
+    return apply_filters( 'sanitize_locale_name', $sanitized, $locale_name );
 }