sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make underscores valid in sanitize_html_class. fixes #17067.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@17614 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2011-04-06 21:28:52 +00:00
parent 259c415b7b
commit e376455b17
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-includes/formatting.php
View File

@ -876,7 +876,7 @@ function sanitize_sql_orderby( $orderby ){
/** /**
* Santizes a html classname to ensure it only contains valid characters * Santizes a html classname to ensure it only contains valid characters
* *
* Strips the string down to A-Z,a-z,0-9,'-' if this results in an empty * Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty
* string then it will return the alternative value supplied. * string then it will return the alternative value supplied.
* *
* @todo Expand to support the full range of CDATA that a class attribute can contain. * @todo Expand to support the full range of CDATA that a class attribute can contain.
@ -890,10 +890,10 @@ function sanitize_sql_orderby( $orderby ){
*/ */
function sanitize_html_class( $class, $fallback = '' ) { function sanitize_html_class( $class, $fallback = '' ) {
//Strip out any % encoded octets //Strip out any % encoded octets
$sanitized = preg_replace('|%[a-fA-F0-9][a-fA-F0-9]|', '', $class); $sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );
//Limit to A-Z,a-z,0-9,'-' //Limit to A-Z,a-z,0-9,_,-
$sanitized = preg_replace('/[^A-Za-z0-9-]/', '', $sanitized); $sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );
if ( '' == $sanitized ) if ( '' == $sanitized )
$sanitized = $fallback; $sanitized = $fallback;