Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-26 06:45:07 +02:00
Code Issues Projects Releases Wiki Activity

sanitize_file_name() improvements. Props sivel. fixes #9416

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@11178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2009-05-04 20:20:48 +00:00
parent d3847a2f53
commit 3072fbb30d
2 changed files with 21 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
wp-includes/formatting.php
View File

@ -566,27 +566,27 @@ function remove_accents($string) {
} }
/** /**
* Filters certain characters from the file name. * Sanitizes a filename replacing whitespace with dashes
* *
* Turns all strings to lowercase removing most characters except alphanumeric * Removes special characters that are illegal in filenames on certain
* with spaces, dashes and periods. All spaces and underscores are converted to * operating systems and special characters requiring special escaping
* dashes. Multiple dashes are converted to a single dash. Finally, if the file * to manipulate at the command line. Replaces spaces and consecutive
* name ends with a dash, it is removed. * dashes with a single dash. Trim period, dash and underscore from beginning
* and end of filename.
* *
* @since 2.1.0 * @since 2.1.0
* *
* @param string $name The file name * @param string $filename The filename to be sanitized
* @return string Sanitized file name * @return string The sanitized filename
*/ */
function sanitize_file_name( $name ) { // Like sanitize_title, but with periods function sanitize_file_name( $filename ) {
$name = strtolower( $name ); $filename_raw = $filename;
$name = preg_replace('/&.+?;/', '', $name); // kill entities $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}");
$name = str_replace( '_', '-', $name ); $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
$name = preg_replace('/[^a-z0-9\s-.]/', '', $name); $filename = str_replace($special_chars, '', $filename);
$name = preg_replace('/\s+/', '-', $name); $filename = preg_replace('/[\s-]+/', '-', $filename);
$name = preg_replace('|-+|', '-', $name); $filename = trim($filename, '.-_');
$name = trim($name, '-'); return apply_filters('sanitize_file_name', $filename, $filename_raw);
return $name;
} }
/** /**

12
wp-includes/functions.php
View File

@ -2013,12 +2013,14 @@ function wp_upload_dir( $time = null ) {
* @return string New filename, if given wasn't unique. * @return string New filename, if given wasn't unique.
*/ */
function wp_unique_filename( $dir, $filename, $unique_filename_callback = null ) { function wp_unique_filename( $dir, $filename, $unique_filename_callback = null ) {
$filename = strtolower( $filename ); // sanitize the file name before we begin processing
$filename = sanitize_file_name($filename);
// separate the filename into a name and extension // separate the filename into a name and extension
$info = pathinfo($filename); $info = pathinfo($filename);
$ext = !empty($info['extension']) ? $info['extension'] : ''; $ext = !empty($info['extension']) ? $info['extension'] : '';
$name = basename($filename, ".{$ext}"); $name = basename($filename, ".{$ext}");
// edge case: if file is named '.ext', treat as an empty name // edge case: if file is named '.ext', treat as an empty name
if( $name === ".$ext" ) if( $name === ".$ext" )
$name = ''; $name = '';
@ -2030,11 +2032,7 @@ function wp_unique_filename( $dir, $filename, $unique_filename_callback = null )
$number = ''; $number = '';
if ( !empty( $ext ) ) if ( !empty( $ext ) )
$ext = strtolower( ".$ext" ); $ext = ".$ext";
$filename = str_replace( $ext, '', $filename );
// Strip % so the server doesn't try to decode entities.
$filename = str_replace('%', '', sanitize_title_with_dashes( $filename ) ) . $ext;
while ( file_exists( $dir . "/$filename" ) ) { while ( file_exists( $dir . "/$filename" ) ) {
if ( '' == "$number$ext" ) if ( '' == "$number$ext" )