[wp-trac] [WordPress Trac] #37924: Cannot delete or update themes in directories containing an uppercase letter from Appearance > Themes

WordPress Trac noreply at wordpress.org
Fri Sep 2 20:16:04 UTC 2016 

#37924: Cannot delete or update themes in directories containing an uppercase
letter from Appearance > Themes
----------------------------+-----------------------------
 Reporter:  chrisjean       |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Themes          |    Version:  trunk
 Severity:  normal          |   Keywords:
  Focuses:  administration  |
----------------------------+-----------------------------
 The shiny updates v2 code changes [37714] introduced a bug where themes in
 directories with one or more uppercase letters in the directory name
 cannot be deleted or updated from inside the Appearance > Themes page.
 This is due to the `$_POST['slug']` data being sanitized using
 `sanitize_key()` which forces uppercase characters to lowercase.

 The shiny updates v2 changes did not create the same problem with plugins
 since plugins keep track of plugin (akismet/akismet.php) and slug
 (akismet) separately with only the slug being passed through
 `sanitize_key()`.

 Looking at the plugin-handling code, the plugin value is sanitized using
 `sanitize_text_field()`. The attached patch updates the theme code to use
 `sanitize_text_field()` rather than `sanitize_key()` when sanitizing the
 slug. In my testing, this fixes both updating and deleting themes in
 directories with uppercase characters.

 I should note that while there aren't any themes on .org that have an
 uppercase letter in the directory name, all of the themes released by
 iThemes.com (my employer) use uppercase letters in the theme directory
 name, I've seen other theme vendors do the same, and I've seen many
 customer sites where they have custom theme directory names that include
 uppercase letters.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37924>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list