diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 6b4bb86ab4..4767a3c993 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -628,6 +628,7 @@ function remove_accents($string) {
 chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
 chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
 chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
+ chr(200).chr(153) => 's', chr(200).chr(155) => 't',
 // Euro Sign
 chr(226).chr(130).chr(172) => 'E',
 // GBP (Pound) Sign
@@ -783,12 +784,16 @@ function sanitize_key( $key ) {
 *
 * @param string $title The string to be sanitized.
 * @param string $fallback_title Optional. A title to use if $title is empty.
+ * @param string $context Optional. The operation for which the string is sanitized
 * @return string The sanitized string.
 */
-function sanitize_title($title, $fallback_title = '') {
+function sanitize_title($title, $fallback_title = '', $context = 'save') {
 $raw_title = $title;
- $title = strip_tags($title);
- $title = apply_filters('sanitize_title', $title, $raw_title);
+
+ if ( 'save' == $context )
+ $title = remove_accents($title);
+
+ $title = apply_filters('sanitize_title', $title, $raw_title, $context);
 if ( '' === $title || false === $title )
 $title = $fallback_title;
@@ -796,6 +801,10 @@ function sanitize_title($title, $fallback_title = '') {
 return $title;
 }
+function sanitize_title_for_query($title) {
+ return sanitize_title($title, '', 'query');
+}
+
 /**
 * Sanitizes title, replacing whitespace with dashes.
 *
@@ -816,7 +825,6 @@ function sanitize_title_with_dashes($title) {
 // Restore octets.
 $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
- $title = remove_accents($title);
 if (seems_utf8($title)) {
 if (function_exists('mb_strtolower')) {
 $title = mb_strtolower($title, 'UTF-8');
diff --git a/wp-includes/query.php b/wp-includes/query.php
index eb04546ce6..dcdd36b83a 100644
--- a/wp-includes/query.php
+++ b/wp-includes/query.php
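Review bot: The entries added to the map in remove_accents() cover only the lowercase Romanian letters (U+0219 and U+021B); the uppercase forms U+0218 and U+021A are still missing, so a title containing them passes through remove_accents() unchanged. Adding `chr(200).chr(152) => 'S', chr(200).chr(154) => 'T',` next to the new line would close that gap. Unlike the entries that follow (`// Euro Sign`), the new line has no label; a comment such as `// Romanian s and t with comma below` would say what the byte pairs stand for. The array and the function continue outside the hunk.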
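Review bot: With `strip_tags()` gone and `remove_accents()` limited to the 'save' context, sanitize_title() does no cleaning of its own on the 'query' path; what it returns is whatever the callbacks on the `sanitize_title` filter produce, and the raw input if none is hooked. The docblock should say so, and the new `@param` line should name the accepted values, e.g. `@param string $context Optional. The operation for which the string is sanitized: 'save' (default) or 'query'.` Any other string is silently treated like 'query'. A strict check, `if ( 'save' === $context )`, would also keep a non-string argument such as `0` or `true` from matching 'save' under loose comparison.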
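Review bot: sanitize_title_for_query() is added without a docblock, while its neighbours in this file (sanitize_title() above, sanitize_title_with_dashes() below) each have one. I would add a block that gives a one-line summary, states that it calls sanitize_title() with an empty fallback and the 'query' context so that remove_accents() is skipped, documents `@param string $title` and `@return string`, and notes that the result is not escaped for SQL and still has to be bound or escaped by the caller. The last point matters because the callers changed in wp-includes/query.php build WHERE clauses from the return value.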
@@ -1784,7 +1784,7 @@ class WP_Query extends WP_Object_Query {
 }
 if ( '' != $q['name'] ) {
- $q['name'] = sanitize_title( $q['name'] );
+ $q['name'] = sanitize_title_for_query( $q['name'] );
 $where .= " AND $wpdb->posts.post_name = '" . $q['name'] . "'";
 } elseif ( '' != $q['pagename'] ) {
 if ( isset($this->queried_object_id) ) {
@@ -1812,7 +1812,7 @@ class WP_Query extends WP_Object_Query {
 $page_for_posts = get_option('page_for_posts');
 if ( ('page' != get_option('show_on_front') ) || empty($page_for_posts) || ( $reqpage != $page_for_posts ) ) {
- $q['pagename'] = sanitize_title( $this->_qv_basename( $q['pagename'] ) );
+ $q['pagename'] = sanitize_title_for_query( $this->_qv_basename( $q['pagename'] ) );
 $q['name'] = $q['pagename'];
 $where .= " AND ($wpdb->posts.ID = '$reqpage')";
 $reqpage_obj = get_page($reqpage);
@@ -1824,7 +1824,7 @@ class WP_Query extends WP_Object_Query {
 }
 }
 } elseif ( '' != $q['attachment'] ) {
- $q['attachment'] = sanitize_title( $this->_qv_basename( $q['attachment'] ) );
+ $q['attachment'] = sanitize_title_for_query( $this->_qv_basename( $q['attachment'] ) );
 $q['name'] = $q['attachment'];
 $where .= " AND $wpdb->posts.post_name = '" . $q['attachment'] . "'";
 }
@@ -1957,7 +1957,7 @@ class WP_Query extends WP_Object_Query {
 $q['author_name'] = $q['author_name'][count($q['author_name'])-2]; // there was a trailling slash
 }
 }
- $q['author_name'] = sanitize_title( $q['author_name'] );
+ $q['author_name'] = sanitize_title_for_query( $q['author_name'] );
 $q['author'] = get_user_by('slug', $q['author_name']);
 if ( $q['author'] )
 $q['author'] = $q['author']->ID;
diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php
index b1fd9f922b..bd8599d1a9 100644
--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
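Review bot: The value returned by sanitize_title_for_query() is concatenated into the WHERE clause on the following context line (`post_name = '" . $q['name'] . "'`) without escaping, so the query is only as safe as the callbacks hooked to the `sanitize_title` filter, now that sanitize_title() no longer calls strip_tags() itself and the 'query' context skips remove_accents(). Binding the value removes that dependency: `$where .= $wpdb->prepare( " AND $wpdb->posts.post_name = %s", $q['name'] );`. The attachment branch (hunk at -1824) builds its clause the same way and needs the same change. The enclosing WP_Query method starts and ends outside these hunks.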
@@ -534,7 +534,7 @@ function get_objects_in_term( $terms, $taxonomies, $args = array() ) {
 case 'slug':
 case 'name':
 foreach ( $terms as $i => $term ) {
- $terms[$i] = sanitize_term_field('slug', $term, 0, $taxonomy, 'db');
+ $terms[$i] = sanitize_title_for_query( $term );
 }
 $terms = array_filter($terms);
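Review bot: The new call drops the `$taxonomy` argument and the 'db' context that sanitize_term_field() received, so any sanitization that depended on them (presumably taxonomy-specific filters; that function's body is not shown here) no longer runs for these terms. The branch also still serves `case 'name':`, so term names are put through the slug sanitizer as well. Where `$terms` goes after `array_filter()` is outside the hunk; if it ends up in an SQL string, each value should be escaped at that point rather than assumed clean. A comment above the call would record this: `// Slug-sanitized for lookup only; not SQL-escaped.`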