WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
12/21/2021 04:12:06 AM (2 years ago)
Author:
hellofromTonya
Message:

REST API: Support . in theme directory names in WP_REST_Global_Styles_Controller, WP_REST_Templates_Controller, and WP_REST_Themes_Controller.

Regex changes from [52376] are reverted to restore the original regex patterns. Why? [52376] used an include characters pattern, which was too limiting. It did not account for localized characters, such as é, or other valid directory name characters.

The original theme directory regex pattern, i.e. [^.\/]+(?:\/[^.\/]+)? excluded the period . character. Removing the . character resolves the reported issue by allowing matching for themes/theme-dirname-1.0/ or themes/<subdirname>/theme-dirname-1.0/.

As the pattern used an exclude approach, all characters are valid for matching except for /. However, not all characters are cross-platform valid for directory names. For example, the characters /:<>*?"| are not valid on Windows OS. The pattern now excludes those characters.

The theme's directory (or subdirectory) name pattern matching is now used in WP_REST_Global_Styles_Controller, WP_REST_Templates_Controller, and WP_REST_Themes_Controller.

Follow-up to [51003], [52051], [52275], [52376].

Props costdev, hellofromTonya, spacedmonkey, TimothyBlynJacobs, bijayyadav, kafleg.
Fixes #54596.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php

    r52372 r52399  
    1717class WP_REST_Themes_Controller extends WP_REST_Controller {
    1818
    19     const PATTERN = '[^.\/]+(?:\/[^.\/]+)?';
     19    /**
     20     * Matches theme's directory: `/themes/<subdirectory>/<theme>/` or `/themes/<theme>/`.
     21     * Excludes invalid directory name characters: `/:<>*?"|`.
     22     */
     23    const PATTERN = '[^\/:<>\*\?"\|]+(?:\/[^\/:<>\*\?"\|]+)?';
    2024
    2125    /**
     
    5761                'args'   => array(
    5862                    'stylesheet' => array(
    59                         'description' => __( "The theme's stylesheet. This uniquely identifies the theme." ),
    60                         'type'        => 'string',
     63                        'description'       => __( "The theme's stylesheet. This uniquely identifies the theme." ),
     64                        'type'              => 'string',
     65                        'sanitize_callback' => array( $this, '_sanitize_stylesheet_callback' ),
    6166                    ),
    6267                ),
     
    6974            )
    7075        );
     76    }
     77
     78    /**
     79     * Sanitize the stylesheet to decode endpoint.
     80     *
     81     * @since 5.9.0
     82     *
     83     * @param string $stylesheet The stylesheet name.
     84     * @return string Sanitized stylesheet.
     85     */
     86    public function _sanitize_stylesheet_callback( $stylesheet ) {
     87        return urldecode( $stylesheet );
    7188    }
    7289
Note: See TracChangeset for help on using the changeset viewer.