In `sanitize_file_name()`, replace `%20` and `+` with dashes. Remove unnecessary code from `_wp_handle_upload()`.

Adds unit tests. Props ericmann. Fixes #16330. Built from https://develop.svn.wordpress.org/trunk@29290 git-svn-id: http://core.svn.wordpress.org/trunk@29072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-24 22:09:16 +00:00 · 2014-07-24 22:09:16 +00:00 · a14f5b97d5
parent 27866228af
commit a14f5b97d5
2 changed files with 1 additions and 3 deletions
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@ -327,9 +327,6 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) {
 	}

 	$filename = wp_unique_filename( $uploads['path'], $file['name'], $unique_filename_callback );
-	// Strip the query strings.
-	$filename = str_replace( '?', '-', $filename );
-	$filename = str_replace( '&', '-', $filename );

 	// Move the file to the uploads dir.
 	$new_file = $uploads['path'] . "/$filename";
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@ -1049,6 +1049,7 @@ function sanitize_file_name( $filename ) {
 	$special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );
 	$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
 	$filename = str_replace($special_chars, '', $filename);
+	$filename = str_replace( array( '%20', '+' ), '-', $filename );
 	$filename = preg_replace('/[\s-]+/', '-', $filename);
 	$filename = trim($filename, '.-_');