Make WordPress Core

Changeset 55765


Ignore:
Timestamp:
05/16/2023 02:40:11 PM (17 months ago)
Author:
audrasjb
Message:

I18N: Introduce sanitization function for locale.

Introduce the sanitize_locale_name() for sanitizing user input of locales.

Props xknown, timothyblynjacobs, ocean90, peterwilsoncc.
Merges [55760] to branch 6.2.

Location:
branches/6.2
Files:
1 added
2 edited

Legend:

Unmodified
Added
Removed
  • branches/6.2/src/wp-includes/formatting.php

    r55495 r55765  
    24352435
    24362436/**
     2437 * Strips out all characters not allowed in a locale name.
     2438 *
     2439 * @since 6.2.1
     2440 *
     2441 * @param string $locale_name The locale name to be sanitized.
     2442 * @return string The sanitized value.
     2443 */
     2444function sanitize_locale_name( $locale_name ) {
     2445    // Limit to A-Z, a-z, 0-9, '_', '-'.
     2446    $sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $locale_name );
     2447
     2448    /**
     2449     * Filters a sanitized locale name string.
     2450     *
     2451     * @since 6.2.1
     2452     *
     2453     * @param string $sanitized   The sanitized locale name.
     2454     * @param string $locale_name The locale name before sanitization.
     2455     */
     2456    return apply_filters( 'sanitize_locale_name', $sanitized, $locale_name );
     2457}
     2458
     2459/**
    24372460 * Converts lone & characters into `&` (a.k.a. `&`)
    24382461 *
  • branches/6.2/src/wp-includes/l10n.php

    r55351 r55765  
    150150
    151151    if ( ! empty( $_GET['wp_lang'] ) ) {
    152         $wp_lang = sanitize_text_field( $_GET['wp_lang'] );
     152        $wp_lang = sanitize_locale_name( wp_unslash( $_GET['wp_lang'] ) );
    153153    } elseif ( ! empty( $_COOKIE['wp_lang'] ) ) {
    154         $wp_lang = sanitize_text_field( $_COOKIE['wp_lang'] );
     154        $wp_lang = sanitize_locale_name( wp_unslash( $_COOKIE['wp_lang'] ) );
    155155    }
    156156
Note: See TracChangeset for help on using the changeset viewer.