diff --git a/src/wp-includes/js/utils.js b/src/wp-includes/js/utils.js
index d7d8f0187f..3d0f8e9c94 100644
--- a/src/wp-includes/js/utils.js
+++ b/src/wp-includes/js/utils.js
@@ -161,12 +161,12 @@ function setUserSetting( name, value, _del ) {
 path = userSettings.url,
 secure = !! userSettings.secure;
- name = name.toString().replace( /[^A-Za-z0-9_]/, '' );
+ name = name.toString().replace( /[^A-Za-z0-9_-]/, '' );
 if ( typeof value === 'number' ) {
 value = parseInt( value, 10 );
 } else {
- value = value.toString().replace( /[^A-Za-z0-9_]/, '' );
+ value = value.toString().replace( /[^A-Za-z0-9_-]/, '' );
 }
 settings = settings || {};
diff --git a/src/wp-includes/option.php b/src/wp-includes/option.php
index cec43e7fe7..5749f8b775 100644
--- a/src/wp-includes/option.php
+++ b/src/wp-includes/option.php
@@ -900,7 +900,7 @@ function get_all_user_settings() {
 $user_settings = array();
 if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
- $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
+ $cookie = preg_replace( '/[^A-Za-z0-9=&_-]/', '', $_COOKIE['wp-settings-' . $user_id] );
 if ( strpos( $cookie, '=' ) ) { // '=' cannot be 1st char
 parse_str( $cookie, $user_settings );
@@ -940,8 +940,8 @@ function wp_set_all_user_settings( $user_settings ) {
 $settings = '';
 foreach ( $user_settings as $name => $value ) {
- $_name = preg_replace( '/[^A-Za-z0-9_]+/', '', $name );
- $_value = preg_replace( '/[^A-Za-z0-9_]+/', '', $value );
+ $_name = preg_replace( '/[^A-Za-z0-9_-]+/', '', $name );
+ $_value = preg_replace( '/[^A-Za-z0-9_-]+/', '', $value );
 if ( ! empty( $_name ) ) {
 $settings .= $_name . '=' . $_value . '&';
diff --git a/tests/phpunit/tests/option/userSettings.php b/tests/phpunit/tests/option/userSettings.php
new file mode 100644
index 0000000000..443d12f806
--- /dev/null
+++ b/tests/phpunit/tests/option/userSettings.php
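Review bot: The two `+` lines in this hunk keep a regex with no `g` flag, so `String.prototype.replace` removes only the first disallowed character from `name` and `value`, and everything after it is passed through unchanged, whereas the PHP counterparts in option.php strip globally. Since `=` and `&` are the cookie's own separators and get_all_user_settings() keeps those two characters on read, a value that still contains them after this partial strip can be parsed back as additional settings rather than as one value. The fix is the flag on both lines: `name = name.toString().replace( /[^A-Za-z0-9_-]/g, '' );` and `value = value.toString().replace( /[^A-Za-z0-9_-]/g, '' );`. The rest of setUserSetting's body lies outside the hunk.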
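Review bot: The allowed character set is now spelled out in four separate regexes — the `preg_replace()` in this hunk, the two in wp_set_all_user_settings() in the next hunk, and the two `replace()` calls in utils.js — with this reader's set having to remain the writers' set plus the `=`/`&` separators, or a value the writer accepts would be altered on read. Nothing in the code marks that coupling, so a one-line comment above this `preg_replace()` such as `// Keep the allowed set in sync with wp_set_all_user_settings() and setUserSetting() in wp-includes/js/utils.js.` would help, with the matching comment at the other sites. The trailing `-` inside the class is literal and correct as written; it just needs to stay in last position if the class is edited again.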
@@ -0,0 +1,49 @@
+user_id = $this->factory->user->create( array(
+ 'role' => 'administrator'
+ ) );
+
+ wp_set_current_user( $this->user_id );
+ }
+
+ function tearDown() {
+ unset( $GLOBALS['_updated_user_settings'] );
+ delete_user_option( $this->user_id, 'user-settings' );
+
+ parent::tearDown();
+ }
+
+ function test_set_user_setting() {
+ $foo = get_user_setting( 'foo' );
+
+ $this->assertEmpty( $foo );
+
+ $this->set_user_setting( 'foo', 'bar' );
+
+ $this->assertEquals( 'bar', get_user_setting( 'foo' ) );
+ }
+
+ function test_set_user_setting_dashes() {
+ $foo = get_user_setting( 'foo' );
+
+ $this->assertEmpty( $foo );
+
+ $this->set_user_setting( 'foo', 'foo-bar' );
+
+ $this->assertEquals( 'foo-bar', get_user_setting( 'foo' ) );
+ }
+
+ // set_user_setting bails if `headers_sent()` is true
+ function set_user_setting( $name, $value ) {
+ $all_user_settings = get_all_user_settings();
+ $all_user_settings[ $name ] = $value;
+
+ return wp_set_all_user_settings( $all_user_settings );
+ }
+}
\ No newline at end of file
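Review bot: test_set_user_setting_dashes() only checks that the newly allowed hyphen round-trips; there is no negative case confirming that characters outside the allow-list, in particular the separators `=` and `&`, are still stripped from a value by wp_set_all_user_settings(), which is the boundary this change widens. A companion test along the lines of `$this->set_user_setting( 'foo', 'bar=baz&qux' );` followed by `$this->assertEquals( 'barbazqux', get_user_setting( 'foo' ) );` would pin that, assuming the round-trip goes through the same sanitised value as the existing assertions. The file's opening lines (PHP tag, class declaration and the start of setUp()) appear to have been lost in the rendering of this hunk, so the class header is not visible here.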