[wp-trac] [WordPress Trac] #16773: Unescaped preg_match breaks with PHP 5.3 Namespaced Widget Classes.

WordPress Trac noreply at wordpress.org
Fri Jan 8 17:10:19 UTC 2016


#16773: Unescaped preg_match breaks with PHP 5.3 Namespaced Widget Classes.
-------------------------------------------------+-------------------------
 Reporter:  5ubliminal                           |       Owner:
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
Component:  Widgets                              |  Review
 Severity:  minor                                |     Version:  3.1
 Keywords:  has-patch needs-unit-tests needs-    |  Resolution:
  testing                                        |     Focuses:
-------------------------------------------------+-------------------------

Comment (by westonruter):

 Feedback on [attachment:16773.2.diff]:

 {{{#!php
 <?php
 $this->id_base = empty($id_base) ? preg_replace( '/(wp_)?widget_/', '',
 sanitize_key( get_class( $this ) ) ) : sanitize_key( $id_base );
 }}}

 The use of `strtolower()` should be retained because PHP class names
 should have capitalized words. So to ensure that `WP_Widget_Foo`
 becomes `foo` as the default `$id_base`, use `strtolower()`.

 {{{#!php
 <?php
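 if ( empty($id_base) ) {
     // No explicit base given: derive it from the (lowercased) class name.
     $this->id_base = preg_replace( '/(wp_)?widget_/', '', strtolower( sanitize_key( get_class( $this ) ) ) );
 } else {
     // An explicit base was passed in: sanitize and use it as given.
     $this->id_base = sanitize_key( $id_base );
 }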
 }}}

 This will also ensure back-compat, since `strtolower()` is currently used
 in Core.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/16773#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform