From 3a87e7bba0a19a3ec81617676a91e1443b1d0a02 Mon Sep 17 00:00:00 2001 From: ryan Date: Tue, 9 Jan 2007 22:53:14 +0000 Subject: [PATCH] sanitize_file_name(). fixes #3382 #3554 git-svn-id: http://svn.automattic.com/wordpress/trunk@4710 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/formatting.php | 11 +++++++++++ xmlrpc.php | 4 ++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index de6f1e806..26b81585a 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -288,6 +288,17 @@ function remove_accents($string) { return $string; } +function sanitize_file_name( $name ) { // Like sanitize_title, but with periods + $name = strtolower( $name ); + $name = preg_replace('/&.+?;/', '', $name); // kill entities + $name = str_replace( '_', '-', $name ); + $name = preg_replace('/[^a-z0-9\s-.]/', '', $name); + $name = preg_replace('/\s+/', '-', $name); + $name = preg_replace('|-+|', '-', $name); + $name = trim($name, '-'); + return $name; +} + function sanitize_user( $username, $strict = false ) { $raw_username = $username; $username = strip_tags($username); diff --git a/xmlrpc.php b/xmlrpc.php index cf3129230..ee05245dd 100644 --- a/xmlrpc.php +++ b/xmlrpc.php @@ -836,7 +836,7 @@ class wp_xmlrpc_server extends IXR_Server { $user_pass = $wpdb->escape($args[2]); $data = $args[3]; - $name = sanitize_file( $data['name'] ); + $name = sanitize_file_name( $data['name'] ); $type = $data['type']; $bits = $data['bits']; @@ -1312,4 +1312,4 @@ class wp_xmlrpc_server extends IXR_Server { $wp_xmlrpc_server = new wp_xmlrpc_server(); -?> \ No newline at end of file +?>