Make WordPress Core

Opened 9 years ago

Last modified 5 years ago

#30300 new defect (bug)

setUserSetting js function only removes first unwanted character

Reported by: tv-productions's profile TV productions Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.7
Component: Administration Keywords: has-patch dev-feedback
Focuses: javascript Cc:

Description (last modified by TobiasBg)

The function comments of the function setUserSetting in wp-includes/js/utils.js says the following: "Both name and value must be only ASCII letters, numbers or underscore (...)". The function removes the unwanted characters with the js replace function, in the current code, it only removes the first occurrence of an unwanted character. This is solved by adding the g modifier to the replace regex. See the attached patch.

How to reproduce:

  • Open your browsers console while you are logged in to your WordPress installation.
  • Run the following command: setUserSetting('test--', 'bad-value-') (note that the - character is not allowed)
  • The console will return "test-" (not "test" as expected).
  • Run getUserSetting('test-').
  • The console returns "badvalue-" (not "badvalue" as expected).
  • You may want to delete the setting by executing deleteUserSetting('test-').

Attachments (1)

22781-1.patch (647 bytes) - added by TV productions 9 years ago.
Replace regex with the g modifier

Download all attachments as: .zip

Change History (4)

@TV productions
9 years ago

Replace regex with the g modifier

#1 @TobiasBg
9 years ago

  • Description modified (diff)
  • Keywords has-patch added
  • Summary changed from setUserSetting js function only removes first unwanted charter to setUserSetting js function only removes first unwanted character

#2 @valendesigns
9 years ago

  • Keywords dev-feedback added

I have applied the patch and can verify it does solve the problem. Thank you for your detailed instructions on how to reproduce this issue, it was very helpful.

Cheers,
Derek

#3 @iseulde
9 years ago

  • Version changed from trunk to 2.7

Goes back to [8784].

Note: See TracTickets for help on using tickets.