[wp-trac] [WordPress Trac] #15086: get_template_part() should let you specify a directory
WordPress Trac
wp-trac at lists.automattic.com
Sun Oct 10 21:36:45 UTC 2010
#15086: get_template_part() should let you specify a directory
---------------------------+------------------------------------------------
Reporter: aaroncampbell | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Themes | Version: 3.0
Severity: normal | Keywords: dev-feedback
---------------------------+------------------------------------------------

It would be nice for `get_template_part()` to allow you to specify a
directory to look for a file in. Right now you actually *can* do this,
but it requires passing a 'slug' to the function like `directory/slug`.
Since everywhere else in the code slugs are sanitized, this seems like an
unexpected way to allow this functionality (I didn't realize this worked
until @nacin pointed it out). Since this slug isn't actually sanitized at
all, you can currently do `get_template_part( '../../../test' );` which
seems rather unsafe (`get_template_part` should be able to include from
outside the themes directory).

I suggest sanitizing $slug and adding a third [optional] parameter that
allows you to specify the directory to look in. The directory parameter
should be sanitized enough to not allow it to start with a . or a /
(although this more likely belongs in `locate_template()` as something
done to $template_name inside the foreach).

What does everyone think about this approach?

How many themes do we think are currently using the $slug parameter to
specify a directory?

Right now the optional $name parameter is set up as a fall through, so if
$slug-$name.php doesn't exist $slug.php is used. Should $directory be set
up similarly ($directory/$slug-$name.php -> $directory/$slug.php ->
$slug-$name.php -> $slug.php)?

--
Ticket URL: <http://core.trac.wordpress.org/ticket/15086>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
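
The proposal in the ticket above, sketched as an added example (not WordPress core code and not the reporter's): it rejects a slug or directory that could traverse out of the theme and builds the candidate list in the fall-through order the ticket asks about. The function names and the allow-list for `$slug` and `$name` are assumptions made for illustration.

```php
<?php
// Added illustration, not WordPress core code. All function names are hypothetical.

/** True when $dir is a relative path with no leading "." or "/" and no ".." segment. */
function example_is_safe_directory(string $dir): bool
{
    if ($dir === '' || $dir[0] === '.' || $dir[0] === '/') {
        return false; // the ticket's rule: must not start with "." or "/"
    }
    if (strpbrk($dir, "\\\0") !== false) {
        return false; // backslashes and NUL bytes are rejected as well (assumption)
    }
    foreach (explode('/', $dir) as $segment) {
        if ($segment === '' || $segment === '.' || $segment === '..') {
            return false; // blocks "a/../..", "a//b" and a trailing slash
        }
    }
    return true;
}

/** Candidate template files, most specific first; empty array when input is rejected. */
function example_template_candidates(string $slug, string $name = '', string $directory = ''): array
{
    $token = '/\A[A-Za-z0-9_-]+\z/'; // assumed allow-list: no "/" or "." in slug or name
    if (!preg_match($token, $slug) || ($name !== '' && !preg_match($token, $name))) {
        return [];
    }
    if ($directory !== '' && !example_is_safe_directory($directory)) {
        return [];
    }
    $files = $name !== '' ? ["{$slug}-{$name}.php", "{$slug}.php"] : ["{$slug}.php"];
    $in_directory = [];
    if ($directory !== '') {
        foreach ($files as $file) {
            $in_directory[] = $directory . '/' . $file;
        }
    }
    // $directory/$slug-$name.php -> $directory/$slug.php -> $slug-$name.php -> $slug.php
    return array_merge($in_directory, $files);
}

// Constructed sample inputs: two accepted calls, then the traversal cases from the ticket.
$samples = [['loop', 'index', 'parts'], ['loop', '', ''], ['../../../test', '', ''], ['loop', '', '../parts']];
foreach ($samples as [$slug, $name, $directory]) {
    echo json_encode([$slug, $name, $directory], JSON_UNESCAPED_SLASHES), ' => ',
        json_encode(example_template_candidates($slug, $name, $directory), JSON_UNESCAPED_SLASHES), "\n";
}
```

String checks like these complement, and do not replace, resolving the final path and confirming it still lies under the theme directory before including it.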