Changeset 38944
- Timestamp:
- 10/26/2016 05:16:09 AM (8 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/formatting.php
r38717 r38944 4654 4654 * @since 2.9.0 4655 4655 * 4656 4656 4657 * @see wp_check_invalid_utf8() 4657 4658 * @see wp_strip_all_tags() … … 4661 4662 */ 4662 4663 function sanitize_text_field( $str ) { 4664 4665 4666 4667 4668 4669 4670 4671 4672 4673 4674 4675 4676 4677 4678 4679 4680 4681 4682 4683 4684 4685 4686 4687 4688 4689 4690 4691 4692 4693 4694 4695 4696 4697 4698 4699 4700 4701 4702 4703 4704 4705 4706 4707 4708 4709 4710 4711 4712 4713 4714 4715 4663 4716 $filtered = wp_check_invalid_utf8( $str ); 4664 4717 … … 4666 4719 $filtered = wp_pre_kses_less_than( $filtered ); 4667 4720 // This will strip extra whitespace for us. 4668 $filtered = wp_strip_all_tags( $filtered, true ); 4669 } else { 4670 $filtered = trim( preg_replace('/[\r\n\t ]+/', ' ', $filtered) ); 4671 } 4721 $filtered = wp_strip_all_tags( $filtered, false ); 4722 4723 // Use html entities in a special case to make sure no later 4724 // newline stripping stage could lead to a functional tag 4725 $filtered = str_replace("<\n", "<\n", $filtered); 4726 } 4727 4728 if ( ! $keep_newlines ) { 4729 $filtered = preg_replace( '/[\r\n\t ]+/', ' ', $filtered ); 4730 } 4731 $filtered = trim( $filtered ); 4672 4732 4673 4733 $found = false; … … 4682 4742 } 4683 4743 4684 /** 4685 * Filters a sanitized text field string. 4686 * 4687 * @since 2.9.0 4688 * 4689 * @param string $filtered The sanitized string. 4690 * @param string $str The string prior to being sanitized. 4691 */ 4692 return apply_filters( 'sanitize_text_field', $filtered, $str ); 4744 return $filtered; 4693 4745 } 4694 4746 -
trunk/tests/phpunit/tests/formatting/SanitizeTextField.php
r25002 r38944 5 5 */ 6 6 class Tests_Formatting_SanitizeTextField extends WP_UnitTestCase { 7 // #11528 8 function test_sanitize_text_field() { 9 $inputs = array( 10 'оРангутанг', //Ensure UTF8 text is safe the Р is D0 A0 and A0 is the non-breaking space. 11 'САПР', //Ensure UTF8 text is safe the Р is D0 A0 and A0 is the non-breaking space. 12 'one is < two', 13 'tags <span>are</span> <em>not allowed</em> here', 14 ' we should trim leading and trailing whitespace ', 15 'we also trim extra internal whitespace', 16 'tabs get removed too', 17 'newlines are not welcome 18 here', 19 'We also %AB remove %ab octets', 20 'We don\'t need to wory about %A 21 B removing %a 22 b octets even when %a B they are obscured by whitespace', 23 '%AB%BC%DE', //Just octets 24 'Invalid octects remain %II', 25 'Nested octects %%%ABABAB %A%A%ABBB', 7 function data_sanitize_text_field() { 8 return array( 9 array( 10 'оРангутанг', //Ensure UTF8 text is safe the Р is D0 A0 and A0 is the non-breaking space. 11 'оРангутанг', 12 ), 13 array( 14 'САПР', //Ensure UTF8 text is safe the Р is D0 A0 and A0 is the non-breaking space. 15 'САПР', 16 ), 17 array( 18 'one is < two', 19 'one is < two', 20 ), 21 array( 22 "one is <\n two", 23 array( 24 'oneline' => 'one is < two', 25 'multiline' => "one is <\n two", 26 ), 27 ), 28 array( 29 "foo <div\n> bar", 30 array( 31 'oneline' => 'foo bar', 32 'multiline' => "foo bar", 33 ), 34 ), 35 array( 36 "foo <\ndiv\n> bar", 37 array( 38 'oneline' => 'foo < div > bar', 39 'multiline' => "foo <\ndiv\n> bar", 40 ), 41 ), 42 array( 43 'tags <span>are</span> <em>not allowed</em> here', 44 'tags are not allowed here', 45 ), 46 array( 47 ' we should trim leading and trailing whitespace ', 48 'we should trim leading and trailing whitespace', 49 ), 50 array( 51 'we trim extra internal whitespace only in single line texts', 52 array( 53 'oneline' => 'we trim extra internal whitespace only in single line texts', 54 'multiline' => 'we trim extra internal whitespace only in single line texts', 55 ), 56 ), 57 array( 58 "tabs \tget removed in single line texts", 59 array( 60 'oneline' => 'tabs get removed in single line texts', 61 'multiline' => "tabs \tget removed in single line texts", 62 ), 63 ), 64 array( 65 "newlines are allowed only\n in multiline texts", 66 array( 67 'oneline' => 'newlines are allowed only in multiline texts', 68 'multiline' => "newlines are allowed only\n in multiline texts", 69 ), 70 ), 71 array( 72 'We also %AB remove %ab octets', 73 'We also remove octets', 74 ), 75 array( 76 'We don\'t need to wory about %A 77 B removing %a 78 b octets even when %a B they are obscured by whitespace', 79 array ( 80 'oneline' => 'We don\'t need to wory about %A B removing %a b octets even when %a B they are obscured by whitespace', 81 'multiline' => "We don't need to wory about %A\n B removing %a\n b octets even when %a B they are obscured by whitespace", 82 ), 83 ), 84 array( 85 '%AB%BC%DE', //Just octets 86 '', //Emtpy as we strip all the octets out 87 ), 88 array( 89 'Invalid octects remain %II', 90 'Invalid octects remain %II', 91 ), 92 array( 93 'Nested octects %%%ABABAB %A%A%ABBB', 94 'Nested octects', 95 ), 26 96 ); 27 $expected = array( 28 'оРангутанг', 29 'САПР', 30 'one is < two', 31 'tags are not allowed here', 32 'we should trim leading and trailing whitespace', 33 'we also trim extra internal whitespace', 34 'tabs get removed too', 35 'newlines are not welcome here', 36 'We also remove octets', 37 'We don\'t need to wory about %A B removing %a b octets even when %a B they are obscured by whitespace', 38 '', //Emtpy as we strip all the octets out 39 'Invalid octects remain %II', 40 'Nested octects', 41 ); 97 } 42 98 43 foreach ($inputs as $key => $input) { 44 $this->assertEquals($expected[$key], sanitize_text_field($input)); 99 /** 100 * @ticket 32257 101 * @dataProvider data_sanitize_text_field 102 */ 103 function test_sanitize_text_field( $string, $expected ) { 104 if ( is_array( $expected ) ) { 105 $expected_oneline = $expected['oneline']; 106 $expected_multiline = $expected['multiline']; 107 } else { 108 $expected_oneline = $expected_multiline = $expected; 45 109 } 110 111 112 46 113 } 47 114 }
Note: See TracChangeset
for help on using the changeset viewer.