[wp-trac] [WordPress Trac] #8756: No continuity constraint between dynamic_sidebar and register_sidebar leeds to no widgets in the sidebar in admin mode

WordPress Trac wp-trac at lists.automattic.com
Tue Dec 30 08:52:41 GMT 2008 

#8756: No continuity constraint between dynamic_sidebar and register_sidebar leeds
to no widgets in the sidebar in admin mode
-----------------------------+----------------------------------------------
 Reporter:  e-gaulue         |       Owner:  anonymous     
     Type:  defect (bug)     |      Status:  new           
 Priority:  highest omg bbq  |   Milestone:  2.8           
Component:  General          |     Version:  2.7           
 Severity:  trivial          |    Keywords:  widget sidebar
-----------------------------+----------------------------------------------
 register_sidebar allows you to set sidebars with different id and name.

 In order to have your widget display you go in dynamic_sidebar function.

 This function accepts a number or whatever. If you set it to the integer
 "2" it looks for the sidebar with the "sidebar-2" index. If you set it to
 something else it applies sanitize_title on the parameter and it tries to
 find a corresponding sidebar name then it set te index. If it doesn't find
 it, the index will stay with the sanitize_title value of the parameter and
 it goes on.

 In the admin interface we will come here because of this code (in wp-
 admin/widgets.php):
 {{{
 <div id="current-sidebar">
         <?php wp_list_widget_controls( $sidebar ); // Show the control
 forms for each of the widgets in this sidebar ?>
 </div>
 }}}

 With $sidebar being :
 {{{
 if ( isset($_GET['sidebar']) &&
 isset($wp_registered_sidebars[$_GET['sidebar']]) ) {
         $sidebar = attribute_escape( $_GET['sidebar'] );
 (...)
 }}}

 So it's the sidebar!['id'], but at no time it has been sinitize with
 sanitize_title(). So the function dynamic_sidebar don't find the sidebar.
 Having an uppercase sidebar!['id'] is enough to fall in that trap.

 I propose several possibilities :
  * sanitize sidebar!['id'] with sanitize_title at sidebar registration
 time
  * modify the dynamic_sidebar function by keeping the original value of
 index during sidebar!['name'] search
  * modify the dynamic_sidebar function by escaping the sidebar!['name']
 search if isset($wp_registered_sidebars[$index])
  * modify the dynamic_sidebar function by changing the test in the
 sidebar!['name'] search to :
  {{{if ( sanitize_title($value['name']) == $index ||
 sanitize_title($value['index'])== $index )}}}

-- 
Ticket URL: <http://trac.wordpress.org/ticket/8756>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list