Make WordPress Core

Opened 5 years ago

Last modified 3 years ago

#49421 new defect (bug)

Cannot use conversion specifications in `theme mod` default values

Reported by: jqz's profile jqz Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 5.3
Component: Customize Keywords: needs-patch
Focuses: Cc:

Description

This is a follow-up to #34290.

With the fix [46395] it is no longer possible to have a theme_mod which is itself a format string and has a default value which includes a conversion specification, e.g.

\printf(
  \get_theme_mod('site_copyright', 'Copyright %%1$s; all rights reserved.'),
  \get_bloginfo('name', 'display')
);

With a double %%, the default string is now unchanged, but with a single % it is replaced with the ‘template directory’ URL. It is now no longer possible to achieve the desired %1$s in the default string.

Also, where the default is something like 100%, the code supplying the default value to get_theme_mod now needs to test the WordPress version to know whether it should pass 100% or 100%%.

A fix might be for the sprintf code path also to be followed if the string contains a double %%. Or revert the change (so that the behaviour of get_theme_mod is more clearly defined as it was before - i.e. the default value is a format string and literal % signs need escaping as %%) and find another solution to the initial problem.

Change History (6)

#1 @dlh
5 years ago

  • Version changed from 5.3.2 to trunk

This ticket was mentioned in Slack in #core by noisysocks. View the logs.


5 years ago

#3 follow-up: @kirasong
5 years ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release

Hi @jqz, and thanks for the report!

Apologies it has taken this long for a comment. We chatted about this in [today's triage](https://wordpress.slack.com/archives/C02RQBWTW/p1581570771299400).

Consensus was that this does look like a backcompat breakage, like you mention. Going to go ahead and mark it for Future Release, and that it needs a patch to move forward.

@SergeyBiryukov, since you committed/worked on the last patch, do you have any thoughts on the best way forward?

#4 @dlh
3 years ago

  • Version changed from 5.4 to 5.3

#5 @jqz
3 years ago

#54185 was marked as a duplicate.

#6 in reply to: ↑ 3 @jqz
3 years ago

Replying to mikeschroder:

@SergeyBiryukov, since you committed/worked on the last patch, do you have any thoughts on the best way forward?

I can't speak for Sergey, but thinking about this, I would suggest the solution to the original problem (#34290) would be to simply document the behaviour - i.e. to get a literal % in the default value it must be escaped as %%.

I don't see (or indeed think there is) any other solution which retains support for the URL insertion without a BC. Moreover, removing URL insertion support would be a BC even for implementations which don't use it, if they are ('correctly') escaping their %s.

Note: See TracTickets for help on using tickets.