#37924 closed defect (bug) (fixed)
Cannot delete or update themes in directories containing an uppercase letter from Appearance > Themes
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 4.7 | Priority: | normal |
| Severity: | normal | Version: | 4.7 |
| Component: | Themes | Keywords: | has-patch |
| Focuses: | administration | Cc: |
Description
The shiny updates v2 code changes [37714] introduced a bug where themes in directories with one or more uppercase letters in the directory name cannot be deleted or updated from inside the Appearance > Themes page. This is due to the $_POST['slug'] data being sanitized using sanitize_key() which forces uppercase characters to lowercase.
The shiny updates v2 changes did not create the same problem with plugins since plugins keep track of plugin (akismet/akismet.php) and slug (akismet) separately with only the slug being passed through sanitize_key().
Looking at the plugin-handling code, the plugin value is sanitized using sanitize_text_field(). The attached patch updates the theme code to use sanitize_text_field() rather than sanitize_key() when sanitizing the slug. In my testing, this fixes both updating and deleting themes in directories with uppercase characters.
I should note that while there aren't any themes on .org that have an uppercase letter in the directory name, all of the themes released by iThemes.com (my employer) use uppercase letters in the theme directory name, I've seen other theme vendors do the same, and I've seen many customer sites where they have custom theme directory names that include uppercase letters.
I saw this slot into 4.7. I'm on the road at the moment, and I know it's too late for 4.6.1, but I do think it was a regression. If there's another minor release, we should consider it.