I18N: Introduce sanitization function for locale.

Introduce the `sanitize_locale_name()` function for sanitizing locale names that come from user input.

Props xknown, timothyblynjacobs, ocean90, peterwilsoncc.


Built from https://develop.svn.wordpress.org/trunk@55760


git-svn-id: http://core.svn.wordpress.org/trunk@55272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
audrasjb 2023-05-16 14:18:20 +00:00
parent b49912434d
commit 02a131ec30
3 changed files with 26 additions and 3 deletions


@ -2433,6 +2433,29 @@ function sanitize_html_class( $classname, $fallback = '' ) {
return apply_filters( 'sanitize_html_class', $sanitized, $classname, $fallback ); return apply_filters( 'sanitize_html_class', $sanitized, $classname, $fallback );
} }
/**
* Strips out all characters not allowed in a locale name.
*
* @since 6.2.1
*
* @param string $locale_name The locale name to be sanitized.
* @return string The sanitized value.
*/
function sanitize_locale_name( $locale_name ) {
// Limit to A-Z, a-z, 0-9, '_', '-'.
$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $locale_name );
/**
* Filters a sanitized locale name string.
*
* @since 6.2.1
*
* @param string $sanitized The sanitized locale name.
* @param string $locale_name The locale name before sanitization.
*/
return apply_filters( 'sanitize_locale_name', $sanitized, $locale_name );
}
/** /**
* Converts lone & characters into `&` (a.k.a. `&`) * Converts lone & characters into `&` (a.k.a. `&`)
* *
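Review bot: `sanitize_locale_name()` hands `$locale_name` to `preg_replace()` without checking that it is a string, so the documented `@return string` does not hold for every input. `preg_replace()` returns an array when the subject is an array and `null` on a PCRE error, and the callers this commit changes in `determine_locale()` pass it `$_GET['wp_lang']` and `$_COOKIE['wp_lang']`, which PHP parses into arrays when the parameter name carries brackets. `sanitize_text_field()`, which those callers used before, appears to return an empty string for non-string input, so this looks like a small regression worth confirming. A guard such as `$sanitized = is_string( $locale_name ) ? (string) preg_replace( '/[^A-Za-z0-9_-]/', '', $locale_name ) : '';` keeps the filter call and the return type intact.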


@ -149,9 +149,9 @@ function determine_locale() {
$wp_lang = ''; $wp_lang = '';
if ( ! empty( $_GET['wp_lang'] ) ) { if ( ! empty( $_GET['wp_lang'] ) ) {
$wp_lang = sanitize_text_field( $_GET['wp_lang'] ); $wp_lang = sanitize_locale_name( wp_unslash( $_GET['wp_lang'] ) );
} elseif ( ! empty( $_COOKIE['wp_lang'] ) ) { } elseif ( ! empty( $_COOKIE['wp_lang'] ) ) {
$wp_lang = sanitize_text_field( $_COOKIE['wp_lang'] ); $wp_lang = sanitize_locale_name( wp_unslash( $_COOKIE['wp_lang'] ) );
} }
if ( ! empty( $wp_lang ) && ! empty( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) { if ( ! empty( $wp_lang ) && ! empty( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) {
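Review bot: Both new assignments to `$wp_lang` accept whatever is left after stripping, so a malformed request value is silently turned into a different locale string instead of being rejected (a constructed `de_DE!` becomes `de_DE`). Whether the result is later checked against the installed languages cannot be seen here, because `determine_locale()` continues outside the hunk; if it is not, a membership check such as `in_array( $wp_lang, get_available_languages(), true )` before the value is used would make the allow-list explicit. A short comment above the branch, e.g. `// Request-supplied locale: restrict to locale-name characters before it selects a translation.`, would also record why `sanitize_text_field()` was replaced here.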


@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '6.3-alpha-55759'; $wp_version = '6.3-alpha-55760';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.