id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
23423,sanitize_title() in dynamic_sidebar() restricts the use of specific characters for sidebar IDs,paulvandermeijs,,"In the dynamic_sidebar() function in wp-includes/widgets.php uses sanitize_title() on the given index when it looks for a sidebar with a name that matches the index. After that it leaves the index value sanitized making it impossible to use characters not allowed by sanitize_title() in a sidebar ID.

By not overwriting the given index value with the sanitized version it would still be possible to use any character for the ID. To achieve this, lines 847-853

{{{
$index = sanitize_title($index);
foreach ( (array) $wp_registered_sidebars as $key => $value ) {
	if ( sanitize_title($value['name']) == $index ) {
		$index = $key;
		break;
	}
}
}}}

should be replaced with


{{{
$sanitized_index = sanitize_title($index);
foreach ( (array) $wp_registered_sidebars as $key => $value ) {
	if ( sanitize_title($value['name']) == $sanitized_index ) {
		$index = $key;
		break;
	}
}
}}}",defect (bug),new,normal,Awaiting Review,Widgets,2.2,normal,,needs-patch,