Changeset 47652

Timestamp:

04/29/2020 04:25:54 PM (4 years ago)

Author:

whyisjake

Message:

User: Invalidate user_activation_key on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand sanitize_file_name to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 4.7 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.

Location:

branches/4.5

Files:

• . (modified) (1 prop)
• src/wp-includes/formatting.php (modified) (2 diffs)
• src/wp-includes/query.php (modified) (1 diff)
• src/wp-includes/user.php (modified) (1 diff)
• tests/phpunit/tests/formatting/SanitizeFileName.php (modified) (1 diff)
• tests/phpunit/tests/user.php (modified) (2 diffs)

branches/4.5/src/wp-includes/formatting.php

@@ -1376 +1376 @@
     $filename_raw = $filename;
     $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", "%", "+", chr(0));
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
     /**
      * Filter the list of characters to remove from a filename.
@@ -1385 +1403 @@
      */
     $special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );
-    $filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );
     $filename = str_replace( $special_chars, '', $filename );
     $filename = str_replace( array( '%20', '+' ), '-', $filename );

branches/4.5/src/wp-includes/query.php

@@ -1623 +1623 @@
         } elseif ( $qv['p'] ) {
             $this->is_single = true;
-        } elseif ( ('' !== $qv['hour']) && ('' !== $qv['minute']) &&('' !== $qv['second']) && ('' != $qv['year']) && ('' != $qv['monthnum']) && ('' != $qv['day']) ) {
-            // If year, month, day, hour, minute, and second are set, a single
-            // post is being queried.
-            $this->is_single = true;
         } elseif ( '' != $qv['pagename'] || !empty($qv['page_id']) ) {
             $this->is_page = true;

branches/4.5/src/wp-includes/user.php

@@ -1594 +1594 @@
 
     if ( $update ) {
-        if ( $user_email !== $old_user_data->user_email ) {
+        if ( $user_email !== $old_user_data->user_email ) {
             $data['user_activation_key'] = '';
         }

branches/4.5/tests/phpunit/tests/formatting/SanitizeFileName.php

@@ -68 +68 @@
         $this->assertEquals( 'no-extension', sanitize_file_name( '_.no-extension' ) );
     }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 }

branches/4.5/tests/phpunit/tests/user.php

@@ -922 +922 @@
     }
 
-    function test_changing_email_invalidates_password_reset_key() {
+    function test_changing_email_invalidates_password_reset_key() {
         global $wpdb;
 
@@ -947 +947 @@
             'user_nicename' => 'cat',
             'user_email'    => 'foo@bar.dev',
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
         );
         wp_update_user( $userdata );