Convert times/multiplication symbol (×) into the letter "x" when sanitizing titles for slugs

[archmaster7]

We had an issue where user thought they were entering an x (Latin Small Letter X (U+0078)) but they were actually entering the multiplication symbol (Multiplication Sign (U+00D7)). An "x" did not show up in the slug which lead to some issues. Might suggest disallowing Multiplication Sign (U+00D7) from titles.

The multiplication symbol can be replaced with "x" automatically when sanitizing the title for use in a slug. Core does similarly for dashes which get replaced with hyphens via sanitize_title_with_dashes(). This was touched in the 6.9 release in #64089.

[westonruter]

Maybe the multiplication symbol should be replaced with "x" automatically in the slugs? We do this similarly for dashes which get replaced with hyphens. This was touched in the 6.9 release in #64089.

This could be tackled as part of #64151.

[desrosj]

Replying to westonruter:

Maybe the multiplication symbol should be replaced with "x" automatically in the slugs? We do this similarly for dashes which get replaced with hyphens.

I think this makes sense, @westonruter.

Tackling it with #64151 could make sense, but that seems like a much larger effort that may take a while. Since this is just one character and a one line change (excluding tests), the best path forward may be to fix this now rather than wait.

[iflairwebtechnologies]

Hi
This patch resolves issue #64284, where the multiplication symbol (×) wasn't being replaced with the letter "x" when sanitizing titles for slugs.

The patch adds a line in the sanitize_title_with_dashes function to replace the multiplication sign (×) with "x" directly, as well as its encoded form (%c3%97).

Please review the patch and let me know if any changes are required.

[palak678]

I tested this on 6.9 RC3 with PHP 8.4. The title cleanup works well now. The multiplication sign changes to a normal ‘x’ in the slug. This makes the slug function easier to understand and more consistent.

[iflairwebtechnologies]

Replying to palak678:

I tested this on 6.9 RC3 with PHP 8.4. The title cleanup works well now. The multiplication sign changes to a normal ‘x’ in the slug. This makes the slug function easier to understand and more consistent.

Are you asking whether the patch we created (64284.diff) is functioning correctly, or if any improvements are needed?

[desrosj]

The Version field is for indicating the version of WordPress that first experienced a given problem.

Please leave the version as set unless you’ve discovered details that show it was introduced during a different release. Switching back to trunk since this was not introduced during the 6.9 release.

[palak678]

Replying to @iflairwebtechnologies

I tested this on 6.9 RC3 with PHP 8.4, and without applying the patch the multiplication sign is already converting to a normal ‘x’ in the slug. The functionality seems to be working.

[westonruter]

The patch 64284.diff​ seems to have unrelated changes.

Please open a pull request for collaboration and testing.

Also, I'm not entirely sure that sanitize_title_with_dashes() is the right function to apply this change in, since it is not related to replacing characters with dashes (read: hyphens). This is with discussing. That said, it actually does already replace some characters to 'x':

<?php
// Convert &times to 'x'.
$title = str_replace( '%c3%97', 'x', $title );

So this seems to be already settled.

The relevant addition from the patch then seems to be:

<?php
// Add the new line to convert the multiplication sign (×) directly to "x"
$title = str_replace( '×', 'x', $title );

Still, the patch replaces wp_is_valid_utf8() with seems_utf8() without explanation.

This will also need unit tests.