id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
23423	sanitize_title() in dynamic_sidebar() restricts the use of specific characters for sidebar IDs	paulvandermeijs		"In the dynamic_sidebar() function in wp-includes/widgets.php uses sanitize_title() on the given index when it looks for a sidebar with a name that matches the index. After that it leaves the index value sanitized making it impossible to use characters not allowed by sanitize_title() in a sidebar ID.

By not overwriting the given index value with the sanitized version it would still be possible to use any character for the ID. To achieve this, lines 847-853

{{{
$index = sanitize_title($index);
foreach ( (array) $wp_registered_sidebars as $key => $value ) {
	if ( sanitize_title($value['name']) == $index ) {
		$index = $key;
		break;
	}
}
}}}

should be replaced with


{{{
$sanitized_index = sanitize_title($index);
foreach ( (array) $wp_registered_sidebars as $key => $value ) {
	if ( sanitize_title($value['name']) == $sanitized_index ) {
		$index = $key;
		break;
	}
}
}}}"	defect (bug)	new	normal	Awaiting Review	Widgets	2.2	normal		needs-patch