In sanitize_title(), strip_tags() before sanitizing, not after. In post.php, if post name is empty, pass the post title to the sanitizer.

git-svn-id: http://svn.automattic.com/wordpress/trunk@1512 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/post.php

@@ -302,7 +302,11 @@ case 'editpost':
 		if (empty($ping_status)) $ping_status = 'closed';
 		//if (!$_POST['ping_status']) $ping_status = get_settings('default_ping_status');
 		$post_password = $_POST['post_password'];
-		$post_name = sanitize_title($_POST['post_name'], $post_ID);
+		$post_name = $_POST['post_name'];
+		if (empty($post_name)) {
+		  $post_name = $post_title;
+		}
+		$post_name = sanitize_title($post_name, $post_ID);
 		if (empty($post_name)) $post_name = sanitize_title($post_title);
 		$trackback = $_POST['trackback_url'];
 	// Format trackbacks

wp-includes/functions-formatting.php

@@ -120,8 +120,9 @@ function remove_accents($string) {
 }
 
 function sanitize_title($title, $fallback_title = '') {
-    $title = apply_filters('sanitize_title', $title);
     $title = strip_tags($title);
+    $title = apply_filters('sanitize_title', $title);
+
     if (empty($title)) {
         $title = $fallback_title;
     }