Opened 12 years ago
Last modified 6 years ago
#23423 reopened defect (bug)
sanitize_title() in dynamic_sidebar() restricts the use of specific characters for sidebar IDs
| Reported by: | paulvandermeijs | Owned by: | chriscct7 |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 2.2 |
| Component: | Widgets | Keywords: | needs-patch needs-unit-tests |
| Focuses: | | Cc: | |
Description
The dynamic_sidebar() function in wp-includes/widgets.php uses sanitize_title() on the given index when it looks for a sidebar with a name that matches the index. After that it leaves the index value sanitized, making it impossible to use characters not allowed by sanitize_title() in a sidebar ID.
By not overwriting the given index value with the sanitized version it would still be possible to use any character for the ID. To achieve this, lines 847-853
    $index = sanitize_title($index);
    foreach ( (array) $wp_registered_sidebars as $key => $value ) {
        if ( sanitize_title($value['name']) == $index ) {
            $index = $key;
            break;
        }
    }
should be replaced with
    $sanitized_index = sanitize_title($index);
    foreach ( (array) $wp_registered_sidebars as $key => $value ) {
        if ( sanitize_title($value['name']) == $sanitized_index ) {
            $index = $key;
            break;
        }
    }
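An added illustration of the lookup described above, not WordPress core code and not part of the original report: it runs the two versions of the loop side by side for a sidebar ID containing characters the sanitizer rewrites. `demo_sanitize_title()` is a simplified stand-in (an assumption) for `sanitize_title()`, and the function names and registry entries are constructed for the example.

```php
<?php
// Added illustration; not WordPress core code.

// Simplified stand-in (assumption) for sanitize_title(): lowercase, then
// collapse every run of characters outside a-z, 0-9, _ and - into one dash.
function demo_sanitize_title(string $title): string {
    $title = strtolower($title);
    $title = preg_replace('/[^a-z0-9_-]+/', '-', $title);
    return trim($title, '-');
}

// Lookup as in the ticket's current code: $index is overwritten up front.
function resolve_before($index, array $sidebars) {
    $index = demo_sanitize_title($index);
    foreach ($sidebars as $key => $value) {
        if (demo_sanitize_title($value['name']) == $index) {
            $index = $key;
            break;
        }
    }
    return $index;
}

// Lookup as in the ticket's proposed code: $index survives a name miss.
function resolve_after($index, array $sidebars) {
    $sanitized_index = demo_sanitize_title($index);
    foreach ($sidebars as $key => $value) {
        if (demo_sanitize_title($value['name']) == $sanitized_index) {
            $index = $key;
            break;
        }
    }
    return $index;
}

// Constructed registry, keyed by sidebar ID as $wp_registered_sidebars is.
$sidebars = array(
    'Footer.Left' => array('name' => 'Left footer column'),
    'sidebar-1'   => array('name' => 'Main Sidebar'),
);

foreach (array('Footer.Left', 'Main Sidebar', 'sidebar-1') as $requested) {
    $before = resolve_before($requested, $sidebars);
    $after  = resolve_after($requested, $sidebars);
    printf("%-13s before=%-12s found=%-3s after=%-12s found=%s\n", $requested,
        $before, isset($sidebars[$before]) ? 'yes' : 'no',
        $after, isset($sidebars[$after]) ? 'yes' : 'no');
}
```

Only the `Footer.Left` request differs between the two versions: the first resolves it to `footer-left`, which is not a registered key. Lookups by name and by an ID the sanitizer leaves unchanged behave the same in both.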
Attachments (3)
Change History (15)
#2
@
11 years ago
- Cc fjarrett@… added
- Keywords has-patch added; needs-patch removed
Patch allowing unsanitized $index
#4
@
9 years ago
- Keywords needs-refresh added
- Milestone changed from Awaiting Review to 4.4
- Owner set to chriscct7
- Status changed from new to assigned
#6
@
9 years ago
- Keywords needs-refresh needs-unit-tests removed
I've just uploaded 2 patches:
- 23423.patch - refreshed version of the old patch to work with the latest location of dynamic_sidebar();
- 23423-test.patch - contains a unit test of the reported issue.
#11
@
9 years ago
- Keywords needs-patch needs-unit-tests added; has-patch removed
- Milestone changed from 4.4 to Future Release
- Resolution fixed deleted
- Status changed from closed to reopened
Needs a new patch and a new test, see comment:7:ticket:34995 and comment:15:ticket:34995.
Related: [5473] (for #4258).