Introduce sanitize_title_for_query(). See #9591

git-svn-id: http://svn.automattic.com/wordpress/trunk@15929 1a063a9b-81f0-0310-95a4-ce76da25c4cd
scribu 2010-10-23 12:55:55 +00:00
parent fa9f9ed688
commit c613576e77
3 changed files with 17 additions and 9 deletions


@ -628,6 +628,7 @@ function remove_accents($string) {
chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z', chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z', chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
chr(197).chr(190) => 'z', chr(197).chr(191) => 's', chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
chr(200).chr(153) => 's', chr(200).chr(155) => 't',
// Euro Sign // Euro Sign
chr(226).chr(130).chr(172) => 'E', chr(226).chr(130).chr(172) => 'E',
// GBP (Pound) Sign // GBP (Pound) Sign
@ -783,12 +784,16 @@ function sanitize_key( $key ) {
* *
* @param string $title The string to be sanitized. * @param string $title The string to be sanitized.
* @param string $fallback_title Optional. A title to use if $title is empty. * @param string $fallback_title Optional. A title to use if $title is empty.
* @param string $context Optional. The operation for which the string is sanitized
* @return string The sanitized string. * @return string The sanitized string.
*/ */
function sanitize_title($title, $fallback_title = '') { function sanitize_title($title, $fallback_title = '', $context = 'save') {
$raw_title = $title; $raw_title = $title;
$title = strip_tags($title);
$title = apply_filters('sanitize_title', $title, $raw_title); if ( 'save' == $context )
$title = remove_accents($title);
$title = apply_filters('sanitize_title', $title, $raw_title, $context);
if ( '' === $title || false === $title ) if ( '' === $title || false === $title )
$title = $fallback_title; $title = $fallback_title;
@ -796,6 +801,10 @@ function sanitize_title($title, $fallback_title = '') {
return $title; return $title;
} }
function sanitize_title_for_query($title) {
return sanitize_title($title, '', 'query');
}
/** /**
* Sanitizes title, replacing whitespace with dashes. * Sanitizes title, replacing whitespace with dashes.
* *
@ -816,7 +825,6 @@ function sanitize_title_with_dashes($title) {
// Restore octets. // Restore octets.
$title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title); $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
$title = remove_accents($title);
if (seems_utf8($title)) { if (seems_utf8($title)) {
if (function_exists('mb_strtolower')) { if (function_exists('mb_strtolower')) {
$title = mb_strtolower($title, 'UTF-8'); $title = mb_strtolower($title, 'UTF-8');
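Review bot: `sanitize_title_for_query()` is added without a docblock, and the new `@param string $context` line does not name the values the function recognises. A short docblock should state that it calls `sanitize_title()` with the `'query'` context, that this context skips `remove_accents()`, and that the return value is whatever the `sanitize_title` filter chain produces, so this function does not escape it for SQL. The `$context` tag could read `@param string $context Optional. Either 'save' (default, removes accents) or 'query'.` Separately, the last hunk drops `remove_accents()` from `sanitize_title_with_dashes()`, so code that calls that function directly rather than through `sanitize_title()` no longer gets accents folded; its body continues outside the hunk, so confirm no such caller relies on it.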


@ -1784,7 +1784,7 @@ class WP_Query extends WP_Object_Query {
} }
if ( '' != $q['name'] ) { if ( '' != $q['name'] ) {
$q['name'] = sanitize_title( $q['name'] ); $q['name'] = sanitize_title_for_query( $q['name'] );
$where .= " AND $wpdb->posts.post_name = '" . $q['name'] . "'"; $where .= " AND $wpdb->posts.post_name = '" . $q['name'] . "'";
} elseif ( '' != $q['pagename'] ) { } elseif ( '' != $q['pagename'] ) {
if ( isset($this->queried_object_id) ) { if ( isset($this->queried_object_id) ) {
@ -1812,7 +1812,7 @@ class WP_Query extends WP_Object_Query {
$page_for_posts = get_option('page_for_posts'); $page_for_posts = get_option('page_for_posts');
if ( ('page' != get_option('show_on_front') ) || empty($page_for_posts) || ( $reqpage != $page_for_posts ) ) { if ( ('page' != get_option('show_on_front') ) || empty($page_for_posts) || ( $reqpage != $page_for_posts ) ) {
$q['pagename'] = sanitize_title( $this->_qv_basename( $q['pagename'] ) ); $q['pagename'] = sanitize_title_for_query( $this->_qv_basename( $q['pagename'] ) );
$q['name'] = $q['pagename']; $q['name'] = $q['pagename'];
$where .= " AND ($wpdb->posts.ID = '$reqpage')"; $where .= " AND ($wpdb->posts.ID = '$reqpage')";
$reqpage_obj = get_page($reqpage); $reqpage_obj = get_page($reqpage);
@ -1824,7 +1824,7 @@ class WP_Query extends WP_Object_Query {
} }
} }
} elseif ( '' != $q['attachment'] ) { } elseif ( '' != $q['attachment'] ) {
$q['attachment'] = sanitize_title( $this->_qv_basename( $q['attachment'] ) ); $q['attachment'] = sanitize_title_for_query( $this->_qv_basename( $q['attachment'] ) );
$q['name'] = $q['attachment']; $q['name'] = $q['attachment'];
$where .= " AND $wpdb->posts.post_name = '" . $q['attachment'] . "'"; $where .= " AND $wpdb->posts.post_name = '" . $q['attachment'] . "'";
} }
@ -1957,7 +1957,7 @@ class WP_Query extends WP_Object_Query {
$q['author_name'] = $q['author_name'][count($q['author_name'])-2]; // there was a trailling slash $q['author_name'] = $q['author_name'][count($q['author_name'])-2]; // there was a trailling slash
} }
} }
$q['author_name'] = sanitize_title( $q['author_name'] ); $q['author_name'] = sanitize_title_for_query( $q['author_name'] );
$q['author'] = get_user_by('slug', $q['author_name']); $q['author'] = get_user_by('slug', $q['author_name']);
if ( $q['author'] ) if ( $q['author'] )
$q['author'] = $q['author']->ID; $q['author'] = $q['author']->ID;
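Review bot: The value returned by `sanitize_title_for_query()` is concatenated straight into the WHERE clause in the `name` and `attachment` branches, and nothing visible in `sanitize_title()` escapes it. Whether a quote or backslash can reach the SQL string therefore depends entirely on the callbacks hooked to the `sanitize_title` filter, which now also receive a `'query'` context and may treat it differently from `'save'`. Binding the value removes that dependency, e.g. `$where .= $wpdb->prepare( " AND $wpdb->posts.post_name = %s", $q['name'] );`, and the same for `$q['attachment']`. The enclosing method starts and ends outside these hunks.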


@ -534,7 +534,7 @@ function get_objects_in_term( $terms, $taxonomies, $args = array() ) {
case 'slug': case 'slug':
case 'name': case 'name':
foreach ( $terms as $i => $term ) { foreach ( $terms as $i => $term ) {
$terms[$i] = sanitize_term_field('slug', $term, 0, $taxonomy, 'db'); $terms[$i] = sanitize_title_for_query( $term );
} }
$terms = array_filter($terms); $terms = array_filter($terms);
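Review bot: The replacement in the `slug`/`name` case drops the `$taxonomy` argument and the `'db'` context that `sanitize_term_field()` received, so whatever taxonomy-aware filtering that call applied no longer runs on these values. How `$terms` is consumed is outside the hunk; if it is interpolated into a query, as the function name suggests, its safety now rests only on the `sanitize_title` filter chain. I would add a comment above the loop such as `// Slugs are normalised for lookup only; escape or bind before building SQL.` and confirm the later code does escape or bind each term.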