A theme whose name contains ' cannot be edited using the built-in editor
Reported by: Waldo | Owned by: ryan
If you define a theme whose name contains an apostrophe, that theme cannot be edited within the admin interface. Instead, a nice little error about how the file doesn't exist gets thrown. The base reason for this lies in <wp-admin/theme-editor.php>, just below the line containing '<select name="theme" id="theme">'. The problem is that the theme name is not HTML-escaped, but the option value is wrapped in apostrophes.
I discovered this bug when attempting to define a theme with the name "Where's Waldo?" (without the enclosing double quotes).
This seems trivial to patch, but simply escaping using htmlspecialchars() with ENT_QUOTES doesn't quite seem to work -- I need to dig in a little further first to figure out what's not happening that should. I promise I'll do some more testing, but it'll have to wait for now. (It's also rather trivial to work around by using a different name -- it doesn't seem to appear in any user-facing areas, so it's a mostly cosmetic issue.)
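The failure described in this ticket, reproduced outside WordPress as an added example (not the reporter's code and not WordPress's own). `render_option()` and `submitted_value()` are hypothetical helpers, and the markup is assumed to match the apostrophe-wrapped `value` attribute the ticket describes. It covers only the output side and does not address why the reporter's `htmlspecialchars()` attempt fell short inside WordPress.

```php
<?php
// Added illustration, not WordPress code. The theme name is the one from the
// ticket; render_option() and submitted_value() are hypothetical helpers.

/** Build one <option> whose value attribute is wrapped in apostrophes. */
function render_option(string $theme, bool $escape): string
{
    // Raw mode reproduces the bug: the name is interpolated unescaped.
    $value = $escape ? htmlspecialchars($theme, ENT_QUOTES, 'UTF-8') : $theme;
    // The visible label is escaped in both modes so only the attribute differs.
    $label = htmlspecialchars($theme, ENT_QUOTES, 'UTF-8');
    return "<option value='$value'>$label</option>";
}

/** Parse the markup with an HTML parser and return the value a form would submit. */
function submitted_value(string $option_html): string
{
    libxml_use_internal_errors(true);   // the broken markup raises parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML("<select name=\"theme\" id=\"theme\">$option_html</select>");
    libxml_clear_errors();
    $option = $doc->getElementsByTagName('option')->item(0);
    return $option->getAttribute('value');
}

$theme = "Where's Waldo?";              // theme name from the ticket

foreach ([false, true] as $escape) {
    $html  = render_option($theme, $escape);
    $value = submitted_value($html);
    printf("%s\n  markup:    %s\n  submitted: %s (%s)\n",
        $escape ? 'escaped with ENT_QUOTES' : 'raw',
        $html,
        var_export($value, true),
        $value === $theme ? 'matches the theme name' : 'does NOT match the theme name'
    );
}
```

In the raw case the apostrophe inside the name closes the attribute early, so the submitted value is cut off before it and no longer names an existing theme, which is consistent with the "file doesn't exist" error.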