WordPress.org
Get WordPress

Make WordPress Core

Opened 14 years ago

Closed 14 years ago

#12623 closed defect (bug) (worksforme)

Unchecked Input Condition in Widgets

Reported by: hakre's profile hakre Owned by: azaozz's profile azaozz
Milestone: Priority: normal
Severity: normal Version: 3.0
Component: Widgets Keywords:
Focuses: Cc:

Description

In WP_Widget::__construct() - according to the documented specs - first parameter $id_base has to be unique.

Next to the fact that is not properly documented to what domain the uniqueness has to pay to, the input is not verified at all for uniqueness leaving the specification useless as well as leaving Wordpress open to a malfunction on the underlying data structures and models.

Change History (5)

#1 @hakre
14 years ago

  • Component changed from General to Widgets
  • Owner set to azaozz

#2 @hakre
14 years ago

  • Version set to 3.0

#3 follow-up: @nacin
14 years ago

  • Milestone changed from Unassigned to 3.0

So we just need some docs?

#4 in reply to: ↑ 3 @azaozz
14 years ago

Replying to nacin:

So we just need some docs?

The uniqueness requirement is the same as for plugin and theme function names and since widgets are only added by plugins and themes, it seems pretty clear. It is well explained in the codex (prefixing a function name with unique string) and has been working well for years.

Perhaps we could add something to that effect to the phpdoc to remove any doubts.

#5 @nacin
14 years ago

  • Milestone 3.0 deleted
  • Resolution set to worksforme
  • Status changed from new to closed

I honestly can't see how we can make the inline docs more clear without being just redundant.

Note: See TracTickets for help on using tickets.