[wp-trac] [WordPress Trac] #16773: Unescaped preg_match breaks with PHP 5.3 Namespaced Widget Classes.
WordPress Trac
wp-trac at lists.automattic.com
Sun Mar 6 13:48:22 UTC 2011
#16773: Unescaped preg_match breaks with PHP 5.3 Namespaced Widget Classes.
--------------------------+------------------------------
Reporter: 5ubliminal | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Widgets | Version: 3.1
Severity: major | Resolution:
Keywords: |
--------------------------+------------------------------
Comment (by 5ubliminal):
''Spoke too soon.'' This '''problem only occurs if you don't specify an
id_base'''. But, if you do, it goes away.
If you don't... the problem starts in
{{{
WP_Widget::__construct()
}}}
where $this->id_base should be sanitized once more:
{{{
$this->id_base = trim(preg_replace('~[^a-z0-9-_]+~i', '-', $this->id_base), '-');
}}}
or one could just weed out / and \ characters.
Cheers.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16773#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
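
Added example (not part of the original ticket and not WordPress core code): a sketch of why a namespaced class name used as id_base breaks an unescaped pattern, and how the sanitization proposed in the comment, or preg_quote(), avoids it. The function names, the pattern shape and the lowercased-class-name fallback are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress core APIs.

// Assumption: when no id_base is given, it falls back to the lowercased class name.
function default_id_base(string $class): string {
    return strtolower($class);
}

// Unescaped interpolation: each backslash in $idBase starts a regex escape
// sequence (\w, \f, ...) instead of matching a literal backslash.
function widget_number_unescaped(string $idBase, string $widgetId): ?int {
    $pattern = '/' . $idBase . '-([0-9]+)$/';
    return preg_match($pattern, $widgetId, $m) === 1 ? (int) $m[1] : null;
}

// Same lookup with the id_base quoted for the '/' delimiter.
function widget_number_quoted(string $idBase, string $widgetId): ?int {
    $pattern = '/' . preg_quote($idBase, '/') . '-([0-9]+)$/';
    return preg_match($pattern, $widgetId, $m) === 1 ? (int) $m[1] : null;
}

// The sanitization proposed in the ticket comment.
function sanitize_id_base(string $idBase): string {
    return trim(preg_replace('~[^a-z0-9-_]+~i', '-', $idBase), '-');
}

// Constructed sample: a PHP 5.3 namespaced widget class name.
$raw   = default_id_base('My\\Widgets\\Foo');
$clean = sanitize_id_base($raw);

// Raw id_base interpolated unescaped: the literal name is not what the pattern describes.
var_dump(widget_number_unescaped($raw, $raw . '-3'));
// Raw id_base passed through preg_quote(): the backslashes are matched literally.
var_dump(widget_number_quoted($raw, $raw . '-3'));
// Sanitized id_base contains no regex metacharacters, so plain interpolation is safe.
var_dump($clean);
var_dump(widget_number_unescaped($clean, $clean . '-3'));
```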