[wp-trac] [WordPress Trac] #23423: sanitize_title() in dynamic_sidebar() restricts the use of specific characters for sidebar IDs
WordPress Trac
noreply at wordpress.org
Fri Feb 8 13:25:01 UTC 2013
#23423: sanitize_title() in dynamic_sidebar() restricts the use of specific
characters for sidebar IDs
-----------------------------+--------------------------
Reporter: paulvandermeijs | Type: defect (bug)
Status: new | Priority: normal
Milestone: Awaiting Review | Component: Widgets
Version: 3.5.1 | Severity: normal
Keywords: needs-patch |
-----------------------------+--------------------------
In the dynamic_sidebar() function in wp-includes/widgets.php uses
sanitize_title() on the given index when it looks for a sidebar with a
name that matches the index. After that it leaves the index value
sanitized making it impossible to use characters not allowed by
sanitize_title() in a sidebar ID.
By not overwriting the given index value with the sanitized version it
would still be possible to use any character for the ID. To achieve this,
lines 847-853
{{{
$index = sanitize_title($index);
foreach ( (array) $wp_registered_sidebars as $key => $value ) {
if ( sanitize_title($value['name']) == $index ) {
$index = $key;
break;
}
}
}}}
should be replaced with
{{{
$sanitized_index = sanitize_title($index);
foreach ( (array) $wp_registered_sidebars as $key => $value ) {
if ( sanitize_title($value['name']) == $sanitized_index ) {
$index = $key;
break;
}
}
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23423>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list