From d8e20fa27391f376baafae9503507c772e7f27f3 Mon Sep 17 00:00:00 2001
From: Scott Taylor <scott.c.taylor@mac.com>
Date: Tue, 13 Oct 2015 03:22:24 +0000
Subject: [PATCH] Fotmatting: in `sanitize_file_name()`, escape `%` when
 uploads contain them, otherwise attachment URLs will unescape the char and
 break.

Adds unit tests.

Props mordauk, simonwheatley, dd32, solarissmoke.
Fixes #16226.

Built from https://develop.svn.wordpress.org/trunk@35122


git-svn-id: http://core.svn.wordpress.org/trunk@35087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/formatting.php | 2 +-
 wp-includes/version.php    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 2efef24c1e..07bc8d23d9 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -1368,7 +1368,7 @@ function remove_accents( $string ) {
  */
 function sanitize_file_name( $filename ) {
 	$filename_raw = $filename;
-	$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
+	$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", "%", "+", chr(0));
 	/**
 	 * Filter the list of characters to remove from a filename.
 	 *
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 48f589264c..461c7b46c4 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.4-alpha-35121';
+$wp_version = '4.4-alpha-35122';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.