id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
15086,get_template_part() should let you specify a directory,aaroncampbell,westi,"IT would be nice for `get_template_part()` to allow you to specify a directory to look for a file in.  Right now you actually *can* do this, but it requires passing a 'slug' to the function like `directory/slug`.  Since everywhere else in the code slugs are sanitized, this seems like an unexpected way to allow this functionality (I didn't realize this worked until @nacin pointed it out).  Since this slug isn't actually sanitized at all, you can currently do `get_template_part( '../../../test' );` which seems rather unsafe (`get_template_part` should be able to include from outside the themes directory).

I suggest sanitizing $slug and adding a third [optional] parameter that allows you to specify the directory to look in.  The directory parameter should be sanitized enough to not allow it to start with a . or a / (although this more likely belongs in `locate_template()` as something done to $template_name inside the foreach).

What does everyone think about this approach?

How many themes do we think are currently using the $slug parameter to specify a directory?

Right now the optional $name parameter is set up as a fall through, so if $slug-$name.php doesn't exist $slug.php is used.  Should $directory be set up similarly ($directory/$slug-$name.php -> $directory/$slug.php -> $slug-$name.php -> $slug.php)?",enhancement,accepted,normal,Future Release,Themes,3.0,normal,,has-patch westi-likes needs-unit-tests 2nd-opinion,me@… sorich87@… aaroncampbell gruvii Ken@… kwight@… eddie.moya+wptrac@… xoodrew@… MZAWeb wordpress@… navjotjsingh@… sethmatics ben@… dromsey@… kovshenin retlehs