WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

#19244 closed defect (bug) (fixed)

get_theme() function incorrectly assuming $themes is always an array

Reported by: cgrymala Owned by: nacin
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.2.1
Component: Themes Keywords: needs-patch
Focuses: Cc:

Description

On line 499 of the current /wp-includes/theme.php file, within the get_theme() function, the array_key_exists() function is being run on the $themes variable, which may not always be an array. If it's not an array, the get_theme() function will throw a PHP warning (which, depending on the user's PHP settings, could also throw additional errors about the headers not being able to be set because of previous output).

The $themes variable is populated from the get_themes() function, which may return an array, or may return boolean false (if search_theme_directories() returns false to the get_themes() function).

I would propose that either get_themes() be modified to always return an array, or that get_theme() be modified to check the data type of the $themes variable before attempting to use the array_key_exists() function. I've attached a patch with the latter suggestion implemented. Thanks.

Attachments (2)

get_theme-array-check.patch (381 bytes) - added by cgrymala 2 years ago.
19244.patch (1.7 KB) - added by SergeyBiryukov 2 years ago.

Download all attachments as: .zip

Change History (8)

comment:1 nacin2 years ago

Simple fix, but note that core never uses get_theme(). Looks like get_themes() has been able to return a boolean for a few years now. Feels odd, but that's how it (currently) is. But it also looks like a number of locations in core might break if get_themes() returned false. We seem to be inconsistent in casting.

SergeyBiryukov2 years ago

comment:2 SergeyBiryukov2 years ago

19244.patch adds more checks and fixes a comment typo in get_theme_roots().

comment:4 nacin2 years ago

  • Keywords needs-patch added; has-patch removed
  • Milestone changed from Awaiting Review to Future Release
  • Version changed from 3.3 to 3.2.1

comment:5 nacin2 years ago

  • Milestone changed from Future Release to 3.4

comment:6 nacin2 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [20029]:

Introduce WP_Theme, wp_get_themes(), and wp_get_theme() to replace get_themes(), get_theme(), get_theme_data(), current_theme_info(), and others.

  • Getters and Helpers: Introduces a series of methods to allow for easy generation of headers for display, and other theme metadata, including page templates.
  • Screenshots: Handles support for multiple screenshots. (see # Additional screenshots must be PNG and start with screenshot-2.png, and be sequential to be counted. see #19816.
  • Error Handling: Broken themes have a WP_Error object attached to them.
  • Caching: Introduces a wp_cache_themes_persistently filter (also in [20020]) to enable persistent caching of all filesystem and sanitization operations normally handled by WP_Theme (and formerly get_file_data() and get_themes()). Themes are cached individually and across five different cache keys for different data pieces.
  • Compatibility: A WP_Theme object is backwards compatible with a theme's array formerly returned by get_themes() and get_theme(), and an stdClass object formerly returned by current_theme_info().
  • i18n/L10n: Theme headers are now localizable with proper Text Domain and Domain Path headers, like plugins. (Language packs may remove the requirement for headers.) For page templates, see #6007 (not fixed yet, but will be easy now). For headers, fixes #15858.
  • PHP and CSS files: New methods that fetch a list of theme files (for the theme editor) only on demand, rather than only loading them into memory. fixes #11214.

Functions deprecated:

  • get_themes(), get_allowed_themes() and get_broken_themes() -- use wp_get_themes()
  • get_theme() and current_theme_info() -- use wp_get_theme()
  • get_site_allowed_themes() -- use WP_Theme::get_allowed_on_network()
  • wpmu_get_blog_allowedthemes() -- use WP_theme::get_allowed_on_site()

see also [20016], [20018], [20019], [20020], [20021], [20022], [20025], [20026], [20027]. also fixes #19244.

see #20103.

Note: See TracTickets for help on using tickets.