Customize: Add `wp_is_uuid()` validation function with optional second `$version=4` parameter to enforce v4 random UUIDs.

Props jonathanbardo.
Fixes #39778.

Built from https://develop.svn.wordpress.org/trunk@41388


git-svn-id: http://core.svn.wordpress.org/trunk@41221 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/class-wp-customize-manager.php

@@ -488,7 +488,7 @@ final class WP_Customize_Manager {
 			return;
 		}
 
-		if ( ! preg_match( '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/', $this->_changeset_uuid ) ) {
+		if ( ! wp_is_uuid( $this->_changeset_uuid ) ) {
 			$this->wp_die( -1, __( 'Invalid changeset UUID' ) );
 		}
 

wp-includes/functions.php

@@ -5704,6 +5704,34 @@ function wp_generate_uuid4() {
 	);
 }
 
+/**
+ * Validates that a UUID is valid.
+ *
+ * @since 4.9.0
+ *
+ * @param mixed $uuid    UUID to check.
+ * @param int   $version Specify which version of UUID to check against. Default is none, to accept any UUID version. Otherwise, only version allowed is `4`.
+ * @return bool The string is a valid UUID or false on failure.
+ */
+function wp_is_uuid( $uuid, $version = null ) {
+
+	if ( ! is_string( $uuid ) ) {
+		return false;
+	}
+
+	if ( is_numeric( $version ) ) {
+		if ( 4 !== (int) $version ) {
+			_doing_it_wrong( __FUNCTION__, __( 'Only UUID V4 is supported at this time.' ), '4.9.0' );
+			return false;
+		}
+		$regex = '/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/';
+	} else {
+		$regex = '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/';
+	}
+
+	return (bool) preg_match( $regex, $uuid );
+}
+
 /**
  * Get last changed date for the specified cache group.
  *

wp-includes/version.php

@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.9-alpha-41387';
+$wp_version = '4.9-alpha-41388';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.