WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 2 years ago

#16507 closed defect (bug) (fixed)

Theme editor doesn't support themes with special characters in name

Reported by: kawauso Owned by:
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.0.5
Component: Administration Keywords: has-patch
Focuses: Cc:

Description

The internal $themes array uses escaped theme names as indexes, while the name of the theme to edit is pulled directly into $theme from $_POST without any escaping.

Attachments (1)

16507.diff (416 bytes) - added by kawauso 3 years ago.
Patched with wp_kses_normalize_entities() since theme names go through kses

Download all attachments as: .zip

Change History (3)

kawauso3 years ago

Patched with wp_kses_normalize_entities() since theme names go through kses

comment:1 SergeyBiryukov2 years ago

Seems to be fixed in [20313].

comment:2 nacin2 years ago

  • Milestone changed from Awaiting Review to 3.4
  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.