From 14ec951269864fb622287004375ecaa210e19f2b Mon Sep 17 00:00:00 2001
From: nacin <nacin@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Wed, 6 Apr 2011 21:28:52 +0000
Subject: [PATCH] Make underscores valid in sanitize_html_class. fixes #17067.

git-svn-id: http://svn.automattic.com/wordpress/trunk@17614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/formatting.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index c4f53e9c97..4b190c0669 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -876,7 +876,7 @@ function sanitize_sql_orderby( $orderby ){
 /**
  * Santizes a html classname to ensure it only contains valid characters
  *
- * Strips the string down to A-Z,a-z,0-9,'-' if this results in an empty
+ * Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty
  * string then it will return the alternative value supplied.
  *
  * @todo Expand to support the full range of CDATA that a class attribute can contain.
@@ -890,10 +890,10 @@ function sanitize_sql_orderby( $orderby ){
  */
 function sanitize_html_class( $class, $fallback = '' ) {
 	//Strip out any % encoded octets
-	$sanitized = preg_replace('|%[a-fA-F0-9][a-fA-F0-9]|', '', $class);
+	$sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );
 
-	//Limit to A-Z,a-z,0-9,'-'
-	$sanitized = preg_replace('/[^A-Za-z0-9-]/', '', $sanitized);
+	//Limit to A-Z,a-z,0-9,_,-
+	$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );
 
 	if ( '' == $sanitized )
 		$sanitized = $fallback;