From 51868a5e8ccf3beb628c07ccb539f8c39af1fef5 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov
Date: Fri, 18 Oct 2024 15:56:18 +0000
Subject: [PATCH] Pings/Trackbacks: Validate that the specified charset is available on the receiving site.
This aims to avoid a subsequent fatal error from `mb_convert_encoding()` when an invalid charset is specified.
Follow-up to [1734], [2563], [12032].
Props dd32, jrf, oglekler, rajinsharwar.
Fixes #60261.
Built from https://develop.svn.wordpress.org/trunk@59255
git-svn-id: http://core.svn.wordpress.org/trunk@58647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/version.php | 2 +-
 wp-trackback.php | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 6aa64cc5f0..ec211019a9 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.7-beta3-59254';
+$wp_version = '6.7-beta3-59255';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/wp-trackback.php b/wp-trackback.php
index 670d9c457b..6a93d059fc 100644
--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -60,7 +60,14 @@ $blog_name = isset( $_POST['blog_name'] ) ? wp_unslash( $_POST['blog_name'] ) :
 if ( $charset ) {
 $charset = str_replace( array( ',', ' ' ), '', strtoupper( trim( $charset ) ) );
-} else {
+
+ // Validate the specified "sender" charset is available on the receiving site.
+ if ( function_exists( 'mb_list_encodings' ) && ! in_array( $charset, mb_list_encodings(), true ) ) {
+ $charset = '';
+ }
+}
+
+if ( ! $charset ) {
 $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
 }
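Review bot: The strict `in_array()` check in the wp-trackback.php hunk compares an upper-cased `$charset` against the names returned by `mb_list_encodings()`, which are not all upper case (for example `Windows-1252`), so a sender declaring such a charset is now treated as invalid and silently decoded via the fallback detection list. Aliases that mbstring accepts but does not list, such as `LATIN1`, are rejected the same way. Falling back is the safe direction for a sender-specified value, but the comparison should be case-insensitive: `if ( function_exists( 'mb_list_encodings' ) && ! in_array( $charset, array_map( 'strtoupper', mb_list_encodings() ), true ) ) {`. The `mb_convert_encoding()` calls that consume `$charset` are outside this hunk, so the effect on the decoded title, excerpt and blog name is inferred rather than visible here.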