[wp-trac] [WordPress Trac] #28158: WP_Widget_Factory does not validate that widget class is a WP_Widget
WordPress Trac
noreply at wordpress.org
Wed May 7 02:23:23 UTC 2014
#28158: WP_Widget_Factory does not validate that widget class is a WP_Widget
---------------------------+-----------------------------
 Reporter:  carlalexander  |      Owner:
     Type:  defect (bug)   |     Status:  new
 Priority:  normal         |  Milestone:  Awaiting Review
Component:  Widgets        |    Version:  3.9
 Severity:  normal         |   Keywords:
  Focuses:                 |
---------------------------+-----------------------------

I have been working on an
[http://carlalexander.ca/programming/using-inheritance-wordpress/ article]
that uses the Widget API. As I was reviewing the code, it came to my
attention that you have no validation in WP_Widget_Factory. You can
register a widget class that isn't a WP_Widget. This isn't a problem by
itself, but the _register_widgets method calls the WP_Widget _register
method. If someone registered a non-WP_Widget class, it will cause a
fatal error.

A possible fix would be to add validation in the register function. Like
this:

{{{
class WP_Widget_Factory {
    // ...

    function register($widget_class) {
        $widget_obj = new $widget_class();

        // Reject anything that is not a WP_Widget, so that
        // _register_widgets() never calls _register() on it.
        if ( !is_a($widget_obj, 'WP_Widget') )
            return;

        $this->widgets[$widget_class] = $widget_obj;
    }

    // ...
}
}}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/28158>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
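
Added example, not part of the ticket and not WordPress core code: a self-contained sketch of the same validation done on the class name before instantiation, so a rejected class's constructor never runs. The `WP_Widget` stand-in, `Good_Widget`, `Not_A_Widget` and `Checked_Widget_Factory` are hypothetical names constructed for this illustration.

```php
<?php
// Minimal stand-in for the core base class (constructed for this example).
class WP_Widget {
    public $registered = false;
    public function _register() { $this->registered = true; }
}

class Good_Widget extends WP_Widget {}

// Not a widget: it has no _register() method, and it counts constructor calls.
class Not_A_Widget {
    public static $constructed = 0;
    public function __construct() { self::$constructed++; }
}

// Hypothetical factory that validates at registration time.
class Checked_Widget_Factory {
    public $widgets = array();

    public function register( $widget_class ) {
        // Validate the name first: it must be a string naming an existing
        // class that extends WP_Widget. Nothing is instantiated on failure.
        if ( ! is_string( $widget_class )
            || ! class_exists( $widget_class )
            || ! is_subclass_of( $widget_class, 'WP_Widget' ) ) {
            return false;
        }
        $this->widgets[ $widget_class ] = new $widget_class();
        return true;
    }

    public function _register_widgets() {
        // Every stored object is a WP_Widget, so _register() always exists.
        foreach ( $this->widgets as $widget ) {
            $widget->_register();
        }
    }
}

$factory = new Checked_Widget_Factory();
var_dump( $factory->register( 'Good_Widget' ) );    // accepted
var_dump( $factory->register( 'Not_A_Widget' ) );   // rejected, never constructed
var_dump( $factory->register( 'Missing_Class' ) );  // rejected, class does not exist
$factory->_register_widgets();                      // completes without a fatal error
var_dump( Not_A_Widget::$constructed );
var_dump( array_keys( $factory->widgets ) );
```

Note that `is_subclass_of()` is false for `WP_Widget` itself, so this variant also refuses the bare base class, which the `is_a()` check in the ticket would accept.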