[wp-trac] [WordPress Trac] #42855: Add ability to filter header, sidebar, searchform, footer and template_part file paths
WordPress Trac
noreply at wordpress.org
Tue Feb 13 00:16:40 UTC 2018
#42855: Add ability to filter header, sidebar, searchform, footer and template_part
file paths
------------------------------+------------------------------
Reporter: atanasangelovdev | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Themes | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses: template
------------------------------+------------------------------
Comment (by joyously):
I agree with the comments in the referenced ticket, that filtering the
template name seems really dangerous, and it is not worth the security
risks.
Since `locate_template()` is not checking for directory traversal, but is
checking for 3 specific folders, it is best that the theme and child theme
are the only code that can influence what is loaded, and those will
usually be literals and that is a good thing.
If there is a filter, not only could the template part name be changed,
but the path to it could be changed, and that just doesn't seem right,
because it would encourage relative paths to plugins. The flexibility of
an installation is that you can define where your folders are, and
allowing a filter on a part of a theme template breaks the integrity of
the theme. The child theme can change it easily, so it's only plugins that
would "benefit" from a filter, and they would have to specify a relative
path to the plugin because only 3 theme folders are checked for the file.
It actually doesn't make sense to me to have `get_header()` able to get
something other than the header that the theme defined. Same for footer,
sidebar, etc.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42855#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list