Opened 14 years ago
Closed 14 years ago
#12623 closed defect (bug) (worksforme)
Unchecked Input Condition in Widgets
Reported by: | hakre | Owned by: | azaozz |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.0 |
Component: | Widgets | Keywords: | |
Focuses: | Cc: |
Description
In WP_Widget::__construct()
- according to the documented specs - first parameter $id_base
has to be unique.
Next to the fact that is not properly documented to what domain the uniqueness has to pay to, the input is not verified at all for uniqueness leaving the specification useless as well as leaving Wordpress open to a malfunction on the underlying data structures and models.
Change History (5)
#4
in reply to:
↑ 3
@
14 years ago
Replying to nacin:
So we just need some docs?
The uniqueness requirement is the same as for plugin and theme function names and since widgets are only added by plugins and themes, it seems pretty clear. It is well explained in the codex (prefixing a function name with unique string) and has been working well for years.
Perhaps we could add something to that effect to the phpdoc to remove any doubts.
So we just need some docs?