From a829ee32ce6e7d483ed8a73a3a773000c442385d Mon Sep 17 00:00:00 2001
From: Scott Taylor
Date: Tue, 1 Sep 2015 03:57:21 +0000
Subject: [PATCH] User Settings: allow dashes in `get|set_user_setting()` in PHP and `get|setUserSetting()` in JS. Add unit tests - there were none. Mock `set_user_setting()` since it won't run due to `headers_sent()` being `true`. Fixes #22781. Built from https://develop.svn.wordpress.org/trunk@33840 git-svn-id: http://core.svn.wordpress.org/trunk@33808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/js/utils.js | 4 ++--
 wp-includes/js/utils.min.js | 2 +-
 wp-includes/option.php | 6 +++---
 wp-includes/version.php | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/wp-includes/js/utils.js b/wp-includes/js/utils.js
index d7d8f0187f..3d0f8e9c94 100644
--- a/wp-includes/js/utils.js
+++ b/wp-includes/js/utils.js
@@ -161,12 +161,12 @@ function setUserSetting( name, value, _del ) {
 path = userSettings.url,
 secure = !! userSettings.secure;
- name = name.toString().replace( /[^A-Za-z0-9_]/, '' );
+ name = name.toString().replace( /[^A-Za-z0-9_-]/, '' );
 if ( typeof value === 'number' ) {
 value = parseInt( value, 10 );
 } else {
- value = value.toString().replace( /[^A-Za-z0-9_]/, '' );
+ value = value.toString().replace( /[^A-Za-z0-9_-]/, '' );
 }
 settings = settings || {};
diff --git a/wp-includes/js/utils.min.js b/wp-includes/js/utils.min.js
index 4bb7c9a240..401cf2388f 100644
--- a/wp-includes/js/utils.min.js
+++ b/wp-includes/js/utils.min.js
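Review bot: Neither `replace()` call in the `wp-includes/js/utils.js` hunk carries the `g` flag, so only the first character outside the allow-list is removed from `name` and `value`, and everything after it is kept as typed. The PHP counterpart uses `preg_replace()`, which replaces every match, so the two sides do not apply the same filter. Since `wpCookies.setHash()` joins pairs with `=` and `&`, a leftover separator in a name or value changes how the `wp-settings-<uid>` cookie is parsed back. I would make both lines global, `name = name.toString().replace( /[^A-Za-z0-9_-]/g, '' );` and likewise for `value`, then regenerate `utils.min.js`. `setUserSetting()` starts and ends outside this hunk.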
@@ -1 +1 @@ -function getUserSetting(a,b){var c=getAllUserSettings();return c.hasOwnProperty(a)?c[a]:"undefined"!=typeof b?b:""}function setUserSetting(a,b,c){if("object"!=typeof userSettings)return!1;var d=userSettings.uid,e=wpCookies.getHash("wp-settings-"+d),f=userSettings.url,g=!!userSettings.secure;return a=a.toString().replace(/[^A-Za-z0-9_]/,""),b="number"==typeof b?parseInt(b,10):b.toString().replace(/[^A-Za-z0-9_]/,""),e=e||{},c?delete e[a]:e[a]=b,wpCookies.setHash("wp-settings-"+d,e,31536e3,f,"",g),wpCookies.set("wp-settings-time-"+d,userSettings.time,31536e3,f,"",g),a}function deleteUserSetting(a){return setUserSetting(a,"",1)}function getAllUserSettings(){return"object"!=typeof userSettings?{}:wpCookies.getHash("wp-settings-"+userSettings.uid)||{}}var wpCookies={each:function(a,b,c){var d,e;if(!a)return 0;if(c=c||a,"undefined"!=typeof a.length){for(d=0,e=a.length;e>d;d++)if(b.call(c,a[d],d,a)===!1)return 0}else for(d in a)if(a.hasOwnProperty(d)&&b.call(c,a[d],d,a)===!1)return 0;return 1},getHash:function(a){var b,c=this.get(a);return c&&this.each(c.split("&"),function(a){a=a.split("="),b=b||{},b[a[0]]=a[1]}),b},setHash:function(a,b,c,d,e,f){var g="";this.each(b,function(a,b){g+=(g?"&":"")+b+"="+a}),this.set(a,g,c,d,e,f)},get:function(a){var b,c,d=document.cookie,e=a+"=";if(d){if(c=d.indexOf("; "+e),-1===c){if(c=d.indexOf(e),0!==c)return null}else c+=2;return b=d.indexOf(";",c),-1===b&&(b=d.length),decodeURIComponent(d.substring(c+e.length,b))}},set:function(a,b,c,d,e,f){var g=new Date;"object"==typeof c&&c.toGMTString?c=c.toGMTString():parseInt(c,10)?(g.setTime(g.getTime()+1e3*parseInt(c,10)),c=g.toGMTString()):c="",document.cookie=a+"="+encodeURIComponent(b)+(c?"; expires="+c:"")+(d?"; path="+d:"")+(e?"; domain="+e:"")+(f?"; secure":"")},remove:function(a,b,c,d){this.set(a,"",-1e3,b,c,d)}}; \ No newline at end of file +function getUserSetting(a,b){var c=getAllUserSettings();return c.hasOwnProperty(a)?c[a]:"undefined"!=typeof b?b:""}function 
setUserSetting(a,b,c){if("object"!=typeof userSettings)return!1;var d=userSettings.uid,e=wpCookies.getHash("wp-settings-"+d),f=userSettings.url,g=!!userSettings.secure;return a=a.toString().replace(/[^A-Za-z0-9_-]/,""),b="number"==typeof b?parseInt(b,10):b.toString().replace(/[^A-Za-z0-9_-]/,""),e=e||{},c?delete e[a]:e[a]=b,wpCookies.setHash("wp-settings-"+d,e,31536e3,f,"",g),wpCookies.set("wp-settings-time-"+d,userSettings.time,31536e3,f,"",g),a}function deleteUserSetting(a){return setUserSetting(a,"",1)}function getAllUserSettings(){return"object"!=typeof userSettings?{}:wpCookies.getHash("wp-settings-"+userSettings.uid)||{}}var wpCookies={each:function(a,b,c){var d,e;if(!a)return 0;if(c=c||a,"undefined"!=typeof a.length){for(d=0,e=a.length;e>d;d++)if(b.call(c,a[d],d,a)===!1)return 0}else for(d in a)if(a.hasOwnProperty(d)&&b.call(c,a[d],d,a)===!1)return 0;return 1},getHash:function(a){var b,c=this.get(a);return c&&this.each(c.split("&"),function(a){a=a.split("="),b=b||{},b[a[0]]=a[1]}),b},setHash:function(a,b,c,d,e,f){var g="";this.each(b,function(a,b){g+=(g?"&":"")+b+"="+a}),this.set(a,g,c,d,e,f)},get:function(a){var b,c,d=document.cookie,e=a+"=";if(d){if(c=d.indexOf("; "+e),-1===c){if(c=d.indexOf(e),0!==c)return null}else c+=2;return b=d.indexOf(";",c),-1===b&&(b=d.length),decodeURIComponent(d.substring(c+e.length,b))}},set:function(a,b,c,d,e,f){var g=new Date;"object"==typeof c&&c.toGMTString?c=c.toGMTString():parseInt(c,10)?(g.setTime(g.getTime()+1e3*parseInt(c,10)),c=g.toGMTString()):c="",document.cookie=a+"="+encodeURIComponent(b)+(c?"; expires="+c:"")+(d?"; path="+d:"")+(e?"; domain="+e:"")+(f?"; secure":"")},remove:function(a,b,c,d){this.set(a,"",-1e3,b,c,d)}}; \ No newline at end of file diff --git a/wp-includes/option.php b/wp-includes/option.php index cec43e7fe7..5749f8b775 100644 --- a/wp-includes/option.php +++ b/wp-includes/option.php 
@@ -900,7 +900,7 @@ function get_all_user_settings() {
 $user_settings = array();
 if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
- $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
+ $cookie = preg_replace( '/[^A-Za-z0-9=&_-]/', '', $_COOKIE['wp-settings-' . $user_id] );
 if ( strpos( $cookie, '=' ) ) { // '=' cannot be 1st char
 parse_str( $cookie, $user_settings );
@@ -940,8 +940,8 @@ function wp_set_all_user_settings( $user_settings ) {
 $settings = '';
 foreach ( $user_settings as $name => $value ) {
- $_name = preg_replace( '/[^A-Za-z0-9_]+/', '', $name );
- $_value = preg_replace( '/[^A-Za-z0-9_]+/', '', $value );
+ $_name = preg_replace( '/[^A-Za-z0-9_-]+/', '', $name );
+ $_value = preg_replace( '/[^A-Za-z0-9_-]+/', '', $value );
 if ( ! empty( $_name ) ) {
 $settings .= $_name . '=' . $_value . '&';
diff --git a/wp-includes/version.php b/wp-includes/version.php
index d724adcb4a..1a61fe9c76 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.4-alpha-33839';
+$wp_version = '4.4-alpha-33840';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
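Review bot: In the first `wp-includes/option.php` hunk (`get_all_user_settings()`), the result of `preg_replace()` is passed straight to `strpos()` and `parse_str()` without checking that the cookie value is a string. `$_COOKIE['wp-settings-' . $user_id]` is client-supplied, and PHP turns a bracketed cookie name into an array, in which case `preg_replace()` returns an array too; that gives a warning on older PHP and, as far as I know, a `TypeError` on PHP 8. A type check on the guard would cover it: `if ( isset( $_COOKIE['wp-settings-' . $user_id] ) && is_string( $_COOKIE['wp-settings-' . $user_id] ) ) {`. The function starts and ends outside the hunk, so an earlier check may already exist there.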