From 1cbe1cec124833f9771b1fbd214d6223296008c3 Mon Sep 17 00:00:00 2001
From: Scott Taylor <wonderboymusic@git.wordpress.org>
Date: Thu, 24 Jul 2014 22:08:09 +0000
Subject: [PATCH] In `sanitize_file_name()`, replace `%20` and `+` with dashes.
 Remove unnecessary code from `_wp_handle_upload()`.

Adds unit tests.

Props ericmann.
Fixes #16330.


git-svn-id: https://develop.svn.wordpress.org/trunk@29290 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/file.php                 |  3 ---
 src/wp-includes/formatting.php                 |  1 +
 .../tests/formatting/SanitizeFileName.php      | 18 ++++++++++++++++++
 3 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/wp-admin/includes/file.php b/src/wp-admin/includes/file.php
index 381ca1cd64..c38a6a40f1 100644
--- a/src/wp-admin/includes/file.php
+++ b/src/wp-admin/includes/file.php
@@ -327,9 +327,6 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) {
 	}
 
 	$filename = wp_unique_filename( $uploads['path'], $file['name'], $unique_filename_callback );
-	// Strip the query strings.
-	$filename = str_replace( '?', '-', $filename );
-	$filename = str_replace( '&', '-', $filename );
 
 	// Move the file to the uploads dir.
 	$new_file = $uploads['path'] . "/$filename";
diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php
index c858aac78a..2a01ea8db2 100644
--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -1049,6 +1049,7 @@ function sanitize_file_name( $filename ) {
 	$special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );
 	$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
 	$filename = str_replace($special_chars, '', $filename);
+	$filename = str_replace( array( '%20', '+' ), '-', $filename );
 	$filename = preg_replace('/[\s-]+/', '-', $filename);
 	$filename = trim($filename, '.-_');
 
diff --git a/tests/phpunit/tests/formatting/SanitizeFileName.php b/tests/phpunit/tests/formatting/SanitizeFileName.php
index e4f0824df7..727ed7e341 100644
--- a/tests/phpunit/tests/formatting/SanitizeFileName.php
+++ b/tests/phpunit/tests/formatting/SanitizeFileName.php
@@ -19,6 +19,24 @@ class Tests_Formatting_SanitizeFileName extends WP_UnitTestCase {
 		$this->assertEquals( 'testtest', sanitize_file_name( $string ) );
 	}
 
+	/**
+	 * Test that spaces are correctly replaced with dashes.
+	 *
+	 * @ticket 16330
+	 */
+	function test_replace_spaces() {
+		$urls = array(
+			'unencoded space.png'   => 'unencoded-space.png',
+			'encoded%20space.jpg'   => 'encoded-space.jpg',
+			'plus+space.jpg'        => 'plus-space.jpg',
+			'multi %20 +space.png'   => 'multi-space.png',
+		);
+
+		foreach( $urls as $test => $expected ) {
+			$this->assertEquals( $expected, sanitize_file_name( $test ) );
+		}
+	}
+
 	function test_replaces_any_number_of_hyphens_with_one_hyphen() {
 		$this->assertEquals("a-t-t", sanitize_file_name("a----t----t"));
 	}