Opened 5 years ago
Last modified 3 years ago
#49421 new defect (bug)
Cannot use conversion specifications in `theme mod` default values
Reported by: | jqz | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 5.3 |
Component: | Customize | Keywords: | needs-patch |
Focuses: | Cc: |
Description
This is a follow-up to #34290.
With the fix [46395] it is no longer possible to have a theme_mod
which is itself a format string and has a default value which includes a conversion specification, e.g.
\printf(
\get_theme_mod('site_copyright', 'Copyright %%1$s; all rights reserved.'),
\get_bloginfo('name', 'display')
);
With a double %%
, the default string is now unchanged, but with a single %
it is replaced with the ‘template directory’ URL. It is now no longer possible to achieve the desired %1$s
in the default string.
Also, where the default is something like 100%
, the code supplying the default value to get_theme_mod
now needs to test the WordPress version to know whether it should pass 100%
or 100%%
.
A fix might be for the sprintf
code path also to be followed if the string contains a double %%
. Or revert the change (so that the behaviour of get_theme_mod
is more clearly defined as it was before - i.e. the default value is a format string and literal %
signs need escaping as %%
) and find another solution to the initial problem.
Change History (6)
This ticket was mentioned in Slack in #core by noisysocks. View the logs.
5 years ago
#3
follow-up:
↓ 6
@
5 years ago
- Keywords needs-patch added
- Milestone changed from Awaiting Review to Future Release
#6
in reply to:
↑ 3
@
3 years ago
Replying to mikeschroder:
@SergeyBiryukov, since you committed/worked on the last patch, do you have any thoughts on the best way forward?
I can't speak for Sergey, but thinking about this, I would suggest the solution to the original problem (#34290) would be to simply document the behaviour - i.e. to get a literal %
in the default value it must be escaped as %%
.
I don't see (or indeed think there is) any other solution which retains support for the URL insertion without a BC. Moreover, removing URL insertion support would be a BC even for implementations which don't use it, if they are ('correctly') escaping their %
s.
Hi @jqz, and thanks for the report!
Apologies it has taken this long for a comment. We chatted about this in [today's triage](https://wordpress.slack.com/archives/C02RQBWTW/p1581570771299400).
Consensus was that this does look like a backcompat breakage, like you mention. Going to go ahead and mark it for Future Release, and that it needs a patch to move forward.
@SergeyBiryukov, since you committed/worked on the last patch, do you have any thoughts on the best way forward?