From a14f5b97d569cb3ff9777e7b4390cf76f7239d5f Mon Sep 17 00:00:00 2001
From: Scott Taylor
Date: Thu, 24 Jul 2014 22:09:16 +0000
Subject: [PATCH] In `sanitize_file_name()`, replace `%20` and `+` with dashes. Remove unnecessary code from `_wp_handle_upload()`. Adds unit tests. Props ericmann. Fixes #16330. Built from https://develop.svn.wordpress.org/trunk@29290 git-svn-id: http://core.svn.wordpress.org/trunk@29072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/file.php | 3 ---
 wp-includes/formatting.php | 1 +
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index 381ca1cd64..c38a6a40f1 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -327,9 +327,6 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) {
 }
 $filename = wp_unique_filename( $uploads['path'], $file['name'], $unique_filename_callback );
- // Strip the query strings.
- $filename = str_replace( '?', '-', $filename );
- $filename = str_replace( '&', '-', $filename );
 // Move the file to the uploads dir.
 $new_file = $uploads['path'] . "/$filename";
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index c858aac78a..2a01ea8db2 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -1049,6 +1049,7 @@ function sanitize_file_name( $filename ) {
 $special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );
 $filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
 $filename = str_replace($special_chars, '', $filename);
+ $filename = str_replace( array( '%20', '+' ), '-', $filename );
 $filename = preg_replace('/[\s-]+/', '-', $filename);
 $filename = trim($filename, '.-_');
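Review bot: In the `sanitize_file_name()` hunk the added `str_replace( array( '%20', '+' ), '-', $filename )` runs after `str_replace($special_chars, '', $filename)`, and `$special_chars` is whatever the `sanitize_file_name_chars` filter returns, so a filter that adds `%` or `+` to the list strips those characters first and the new line never matches (`a%20b` would end up as `a20b`, not `a-b`). Placing the new line directly after the `\x{00a0}` replacement and before the `$special_chars` strip makes the result independent of the filter, with a comment such as `// Turn encoded spaces and plus signs into dashes before special characters are stripped.`. Only the literal `%20` is handled; whether other percent-encoded sequences can survive into a stored name depends on the contents of `$special_chars`, which are defined outside this hunk. That is worth confirming, because the `_wp_handle_upload()` hunk drops its own `?`/`&` replacement and the upload path presumably now depends on this function alone. The function body starts and ends outside the hunk.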