X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;ds=sidebyside;f=includes%2FSanitizer.php;h=b08bc6942581dccb70025eaaa763b8a4d6e56b0d;hb=4fad94948359ab67e312355534977138754c123b;hp=5aaa3ed10660fae19645810df22aadb69d43db21;hpb=9af9555c532da70b4daf625910039e70280bf84d;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 5aaa3ed106..b08bc69425 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -339,8 +339,8 @@ class Sanitizer {
 */
 static function getAttribsRegex() {
 if ( self::$attribsRegex === null ) {
- $attribFirst = '[:A-Z_a-z0-9]';
- $attrib = '[:A-Z_a-z-.0-9]';
+ $attribFirst = "[:_\p{L}\p{N}]";
+ $attrib = "[:_\.\-\p{L}\p{N}]";
 $space = '[\x09\x0a\x0c\x0d\x20]';
 self::$attribsRegex = "/(?:^|$space)({$attribFirst}{$attrib}*)
@@ -351,7 +351,7 @@ class Sanitizer {
 | '([^']*)(?:'|\$) | (((?!$space|>).)*) )
- )?(?=$space|\$)/sx";
+ )?(?=$space|\$)/sxu";
 }
 return self::$attribsRegex;
 }
@@ -793,7 +793,7 @@ class Sanitizer {
 }
 # Strip javascript "expression" from stylesheets.
- # http://msdn.microsoft.com/workshop/author/dhtml/overview/recalc.asp
+ # https://msdn.microsoft.com/en-us/library/ms537634.aspx
 if ( $attribute == 'style' ) {
 $value = Sanitizer::checkCss( $value );
 }
@@ -906,7 +906,6 @@ class Sanitizer { * @return string normalized css */ public static function normalizeCss( $value ) { - // Decode character references like { $value = Sanitizer::decodeCharReferences( $value );
@@ -1207,7 +1206,7 @@ class Sanitizer {
 ];
 $id = urlencode( strtr( $id, ' ', '_' ) );
- $id = str_replace( array_keys( $replace ), array_values( $replace ), $id );
+ $id = strtr( $id, $replace );
 if ( !preg_match( '/^[a-zA-Z]/', $id ) && !in_array( 'noninitial', $options ) ) {
 // Initial character must be a letter!
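Review bot: In the `@@ -339,8` hunk the two new character classes are written in double-quoted strings, so they reach PCRE intact only because PHP leaves the unrecognised escapes `\p`, `\.` and `\-` untouched; single quotes, as on the neighbouring `$space` line, make that explicit: `$attribFirst = '[:_\p{L}\p{N}]';` and `$attrib = '[:_\.\-\p{L}\p{N}]';`. The classes now accept any Unicode letter or number in an attribute name, so a short comment should state that this pattern only tokenises names and that the decision about which attributes are kept is made elsewhere (presumably an allow-list applied after parsing; that code is not in this hunk). The function's docblock starts above the hunk and its body continues into the next hunk.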
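Review bot: The `u` modifier added to the closing `/sxu` in the `@@ -351,7` hunk changes the failure mode: when the subject string is not valid UTF-8 the preg_* call fails (it returns false and `preg_last_error()` reports a UTF-8 error) rather than simply matching nothing. Whether the callers of getAttribsRegex() tell those two cases apart cannot be seen from this diff, so the docblock should say it, e.g. `Requires valid UTF-8 input; with /u the preg_* functions fail on malformed bytes, so callers must check for a false result instead of treating it as "no attributes".` For a sanitizer the safe outcome on such input is to drop the attributes, and that should be a deliberate, tested behaviour rather than a side effect.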
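Review bot: Nothing next to the new `strtr( $id, $replace )` call in the `@@ -1207,7` hunk records that it is not a drop-in for the removed `str_replace()`: `strtr()` with an array works in one pass, trying the longest key first and never rescanning text it has already substituted, while `str_replace()` applied the pairs in array order to its own output. The two agree only as long as no replacement value in `$replace` contains another key and key order was not being relied on; `$replace` is defined above the hunk, so that cannot be confirmed here. I would add `// strtr(): longest key first, single pass; the result does not depend on the order of $replace` above the call, and a test that pins the escaped id for an input containing each key.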