Make WordPress Core

Opened 13 years ago

Closed 13 years ago

#953 closed defect (bug) (fixed)

A theme whose name contains ' cannot be edited using the built-in editor

Reported by: Waldo
Owned by: ryan
Milestone:
Priority: normal
Severity: minor
Version: 1.5.1
Component: Administration
Keywords:
Focuses:
Cc:


If you define a theme whose name contains an apostrophe, that theme cannot be edited within the admin interface. Instead, a nice little error about how the file doesn't exist gets thrown. The base reason for this lies in <wp-admin/theme-editor.php>, just below the line containing '<select name="theme" id="theme">'. The problem is that the theme name is not HTML-escaped, but the option value is wrapped in apostrophes.

I discovered this bug when attempting to define a theme with the name "Where's Waldo?" (without the enclosing double quotes).

This seems trivial to patch, but simply escaping using htmlspecialchars() with ENT_QUOTES doesn't quite seem to work -- I need to dig in a little further first to figure out what's not happening that should. I promise I'll do some more testing, but it'll have to wait for now. (It's also rather trivial to work around by using a different name -- it doesn't seem to appear in any user-facing areas, so it's a mostly cosmetic issue.)

Change History (2)

#1 @Waldo
13 years ago

  • Patch set to No

#2 @ryan
13 years ago

  • fixed_in_version set to 1.5.1
  • Owner changed from anonymous to rboren
  • Resolution changed from 10 to 20
  • Status changed from new to closed