[wp-trac] [WordPress Trac] #16773: Unescaped preg_match breaks with PHP 5.3 Namespaced Widget Classes.
WordPress Trac
noreply at wordpress.org
Fri Jan 8 17:10:19 UTC 2016
#16773: Unescaped preg_match breaks with PHP 5.3 Namespaced Widget Classes.
-------------------------------------------------+-------------------------
Reporter: 5ubliminal | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting
Component: Widgets | Review
Severity: minor | Version: 3.1
Keywords: has-patch needs-unit-tests needs- | Resolution:
testing | Focuses:
-------------------------------------------------+-------------------------
Comment (by westonruter):
Feedback on [attachment:16773.2.diff]:
{{{#!php
<?php
$this->id_base = empty($id_base) ? preg_replace( '/(wp_)?widget_/', '',
sanitize_key( get_class( $this ) ) ) : sanitize_key( $id_base );
}}}
The use of `strtolower()` should be retained because PHP class names
should be have capitalized words. So to ensure that `WP_Widget_Foo`
becomes `foo` as the default `$id_base`, use `strtolower()`.
{{{#!php
<?php
if ( empty($id_base) ) {
$this->id_base = preg_replace( '/(wp_)?widget_/', '', strtolower(
sanitize_key( get_class( $this ) ) ) );
} else {
$this->id_base = sanitize_key( get_class( $this ) );
}
}}}
This will also ensure back-compat, since `strtolower()` is currently used
in Core.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16773#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list