Convert times/multiplication symbol (×) into the letter "x" when sanitizing titles for slugs

[archmaster7]

We had an issue where user thought they were entering an x (Latin Small Letter X (U+0078)) but they were actually entering the multiplication symbol (Multiplication Sign (U+00D7)). An "x" did not show up in the slug which lead to some issues. Might suggest disallowing Multiplication Sign (U+00D7) from titles.

The multiplication symbol can be replaced with "x" automatically when sanitizing the title for use in a slug. Core does similarly for dashes which get replaced with hyphens via sanitize_title_with_dashes(). This was touched in the 6.9 release in #64089.

[westonruter]

Maybe the multiplication symbol should be replaced with "x" automatically in the slugs? We do this similarly for dashes which get replaced with hyphens. This was touched in the 6.9 release in #64089.

This could be tackled as part of #64151.

[desrosj]

Replying to westonruter:

Maybe the multiplication symbol should be replaced with "x" automatically in the slugs? We do this similarly for dashes which get replaced with hyphens.

I think this makes sense, @westonruter.

Tackling it with #64151 could make sense, but that seems like a much larger effort that may take a while. Since this is just one character and a one line change (excluding tests), the best path forward may be to fix this now rather than wait.

[iflairwebtechnologies]

Hi
This patch resolves issue #64284, where the multiplication symbol (×) wasn't being replaced with the letter "x" when sanitizing titles for slugs.

The patch adds a line in the sanitize_title_with_dashes function to replace the multiplication sign (×) with "x" directly, as well as its encoded form (%c3%97).

Please review the patch and let me know if any changes are required.

[palak678]

I tested this on 6.9 RC3 with PHP 8.4. The title cleanup works well now. The multiplication sign changes to a normal ‘x’ in the slug. This makes the slug function easier to understand and more consistent.

[iflairwebtechnologies]

Replying to palak678:

I tested this on 6.9 RC3 with PHP 8.4. The title cleanup works well now. The multiplication sign changes to a normal ‘x’ in the slug. This makes the slug function easier to understand and more consistent.

Are you asking whether the patch we created (64284.diff) is functioning correctly, or if any improvements are needed?

[desrosj]

The Version field is for indicating the version of WordPress that first experienced a given problem.

Please leave the version as set unless you’ve discovered details that show it was introduced during a different release. Switching back to trunk since this was not introduced during the 6.9 release.

[palak678]

Replying to @iflairwebtechnologies

I tested this on 6.9 RC3 with PHP 8.4, and without applying the patch the multiplication sign is already converting to a normal ‘x’ in the slug. The functionality seems to be working.

[westonruter]

The patch 64284.diff​ seems to have unrelated changes.

Please open a pull request for collaboration and testing.

Also, I'm not entirely sure that sanitize_title_with_dashes() is the right function to apply this change in, since it is not related to replacing characters with dashes (read: hyphens). This is with discussing. That said, it actually does already replace some characters to 'x':

<?php
// Convert &times to 'x'.
$title = str_replace( '%c3%97', 'x', $title );

So this seems to be already settled.

The relevant addition from the patch then seems to be:

<?php
// Add the new line to convert the multiplication sign (×) directly to "x"
$title = str_replace( '×', 'x', $title );

Still, the patch replaces wp_is_valid_utf8() with seems_utf8() without explanation.

This will also need unit tests.

[abcd95]

Since there has been some time since the last activity on this ticket, I took the liberty of raising a PR for better collaboration and added comprehensive unit tests to cover the complete behavior with an enhanced patch.

• Replaced ×, ×, and × with 'x' before URL encoding (as suggested by @westonruter)
• Added test methods covering all forms and contexts

Please take a look and let me know if it looks good.

[audrasjb]

As per today's bug scrub: The patch looks fresh and needs testing. Let's keep it in the milestone for now.

@westonruter as you commented the PR, are you now fine with this implementation?

[ozgursar]

I couldn't reproduce the multiplication sign × issue with the latest trunk 7.0-beta2-61752-src on PHP 8.2.29.

Could it be due to the fix for the #19820?

[audrasjb]

As per today's 7.0 pre-RC1 bug scrub:

We have 1 unsuccessful reproduction report. Punting to 7.1.

[gaisma22]

Reproduction Report

Environment

• WordPress: 7.0-beta6-62085-src
• PHP: 8.3.30
• Server: nginx/1.29.6
• Database: MySQL 8.4.8
• Browser: Brave
• OS: Ubuntu
• Theme: Twenty Twenty-Five 1.4
• MU Plugins: None
• Plugins: None (first test), Hello Dolly 1.7.2 (second test)

Steps taken

1. Navigated to Posts -> Add New Post.
2. Entered "2×2 Test Post" as the post title using the multiplication symbol x (U+00D7).
3. Published the post.
4. Checked the permalink and slug field after publishing.
5. Slug shows "2x2-test-post" - x correctly converted to "x".
6. Reset environment and repeated with Hello Dolly 1.7.2 active.
7. Same result - slug shows "2x2-test-post".

Result: ❌ Bug is not occurring

Expected behavior

Based on the ticket, the multiplication symbol x (U+00D7) in a post
title should be stripped from the slug, producing "22-test-post"
instead of "2x2-test-post".

Additional Notes

1. Tested first in a clean environment with no plugins active.
2. Environment was reset and the test was repeated with Hello Dolly 1.7.2 active.
3. Both tests produced the same result.
4. This matches comment #16 by @ozgursar who could not reproduce on 7.0-beta2. The fix may have been applied as part of #19820.
5. Removing needs-testing as the bug does not reproduce in WordPress 7.0-beta6-62085-src. Adding close.

Screenshots/Screencast with results

Before Publishing:

After Publishing: