[wp-trac] [WordPress Trac] #40070: Cannot remove theme with Javascript if folder name contains periods
WordPress Trac
noreply at wordpress.org
Mon Jun 12 05:28:00 UTC 2017
#40070: Cannot remove theme with Javascript if folder name contains periods
--------------------------+-----------------------------
Reporter: svanlooy | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Themes | Version: 4.7.3
Severity: normal | Resolution:
Keywords: | Focuses: javascript
--------------------------+-----------------------------
Comment (by dd32):
Replying to [comment:11 obenland]:
> We already send the correct identifier to admin-ajax, trying to sanitize
> that is what causes the trip up. Do you have any recommendation there?
Probably shouldn't be sanitizing it at all in that case then, merely
checking that the provided value is a recognised valid value for the
request, i.e. `in_array( $value_provided, wp_list_pluck( get_themes(),
'template' ), true )`.
If you did want to sanitize it first - you'd need to allow every character
that can appear in a directory name, excluding `../` but including `/` and
`..`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40070#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
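
The approach described in the comment above, as an added example that is not part of the original message or of WordPress core: a stand-in sanitizer (assumed here to strip everything outside `a-z0-9_-`) is compared with an exact membership check against the known theme directories. The function names, the theme list and the request values are constructed for illustration.

```php
<?php
// Added example, not WordPress code. All names here are hypothetical.

// Constructed sample: theme directory names as they exist on disk, including
// one with periods, one in a subdirectory, and one that differs from the
// first only by its periods.
$installed_themes = array( 'twentyseventeen', 'my.theme-1.0', 'mytheme-10', 'vendor/child.theme' );

// Stand-in for a key-style sanitizer (assumption): lowercase the value, then
// drop every character outside a-z, 0-9, "_" and "-".
function example_sanitize_slug( $value ) {
    return preg_replace( '/[^a-z0-9_\-]/', '', strtolower( $value ) );
}

// Validation by membership: return the value only if it is exactly one of the
// known identifiers, otherwise null. The value is never rewritten.
function example_resolve_theme( $value, array $known ) {
    return ( is_string( $value ) && in_array( $value, $known, true ) ) ? $value : null;
}

// Constructed request values: two valid directory names and one
// traversal-shaped string that matches no installed theme.
$requests = array( 'my.theme-1.0', 'vendor/child.theme', '../../wp-config' );

foreach ( $requests as $requested ) {
    // Path 1: sanitize first, then look the rewritten value up.
    $after_sanitize = example_resolve_theme( example_sanitize_slug( $requested ), $installed_themes );
    // Path 2: look the untouched value up in the allow-list.
    $exact_match = example_resolve_theme( $requested, $installed_themes );

    printf(
        "requested=%-20s sanitize-then-lookup=%-12s exact-lookup=%s\n",
        $requested,
        $after_sanitize ?? 'rejected',
        $exact_match ?? 'rejected'
    );
}
```

Sanitizing before the lookup either rejects a directory name that is valid on disk or resolves it to a different installed theme, while the exact lookup accepts only names that are actually installed.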