diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php index 602ab25290..4ddcbf37ac 100644 --- a/wp-admin/includes/upgrade.php +++ b/wp-admin/includes/upgrade.php @@ -1163,8 +1163,8 @@ function upgrade_280() { $start = 0; while( $rows = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options ORDER BY option_id LIMIT $start, 20" ) ) { foreach( $rows as $row ) { - $value = $row->option_value; - if ( !@unserialize( $value ) ) + $value = maybe_unserialize( $row->option_value ); + if ( $value === $row->option_value ) $value = stripslashes( $value ); if ( $value !== $row->option_value ) { update_option( $row->option_name, $value ); diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index 27742e9a22..bc0a86655d 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -908,12 +908,14 @@ function wp_check_invalid_utf8( $string, $strip = false ) { * Encode the Unicode values to be used in the URI. * * @since 1.5.0 + * @since 5.8.3 Added the `encode_ascii_characters` parameter. * * @param string $utf8_string * @param int $length Max length of the string + * @param bool $encode_ascii_characters Whether to encode ascii characters such as < " ' * @return string String with Unicode encoded for URI. */ -function utf8_uri_encode( $utf8_string, $length = 0 ) { +function utf8_uri_encode( $utf8_string, $length = 0, $encode_ascii_characters = false ) { $unicode = ''; $values = array(); $num_octets = 1; @@ -928,10 +930,14 @@ function utf8_uri_encode( $utf8_string, $length = 0 ) { $value = ord( $utf8_string[ $i ] ); if ( $value < 128 ) { - if ( $length && ( $unicode_length >= $length ) ) + $char = chr( $value ); + $encoded_char = $encode_ascii_characters ? rawurlencode( $char ) : $char; + $encoded_char_length = strlen( $encoded_char ); + if ( $length && ( $unicode_length + $encoded_char_length ) > $length ) { break; - $unicode .= chr($value); - $unicode_length++; + } + $unicode .= $encoded_char; + $unicode_length += $encoded_char_length; } else { if ( count( $values ) == 0 ) { if ( $value < 224 ) { diff --git a/wp-includes/meta.php b/wp-includes/meta.php index c41ceaaa49..96509c7124 100644 --- a/wp-includes/meta.php +++ b/wp-includes/meta.php @@ -1548,7 +1548,7 @@ class WP_Meta_Query { $clause_compare = strtoupper( $clause['compare'] ); $sibling_compare = strtoupper( $sibling['compare'] ); if ( in_array( $clause_compare, $compatible_compares ) && in_array( $sibling_compare, $compatible_compares ) ) { - $alias = $sibling['alias']; + $alias = preg_replace( '/\W/', '_', $sibling['alias'] ); break; } } diff --git a/wp-includes/post.php b/wp-includes/post.php index 048ce9a54a..a44e98f842 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -3825,7 +3825,7 @@ function _truncate_post_slug( $slug, $length = 200 ) { if ( $decoded_slug === $slug ) $slug = substr( $slug, 0, $length ); else - $slug = utf8_uri_encode( $decoded_slug, $length ); + $slug = utf8_uri_encode( $decoded_slug, $length, true ); } return rtrim( $slug, '-' ); diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php index ebbdd305b3..337262bc3f 100644 --- a/wp-includes/taxonomy.php +++ b/wp-includes/taxonomy.php @@ -1155,7 +1155,7 @@ class WP_Tax_Query { // The sibling must both have compatible operator to share its alias. if ( in_array( strtoupper( $sibling['operator'] ), $compatible_operators ) ) { - $alias = $sibling['alias']; + $alias = preg_replace( '/\W/', '_', $sibling['alias'] ); break; } } @@ -1185,7 +1185,11 @@ class WP_Tax_Query { return; } - $query['terms'] = array_unique( (array) $query['terms'] ); + if ( 'slug' === $query['field'] || 'name' === $query['field'] ) { + $query['terms'] = array_unique( (array) $query['terms'] ); + } else { + $query['terms'] = wp_parse_id_list( $query['terms'] ); + } if ( is_taxonomy_hierarchical( $query['taxonomy'] ) && $query['include_children'] ) { $this->transform_query( $query, 'term_id' );