[wp-trac] [WordPress Trac] #40969: RFE: get_template_part() to return something or warn when nothing found
WordPress Trac
noreply at wordpress.org
Tue Feb 5 00:25:00 UTC 2019
#40969: RFE: get_template_part() to return something or warn when nothing found
-------------------------+-----------------------
Reporter: sphakka | Owner: pento
Type: enhancement | Status: reopened
Priority: high | Milestone: 5.1
Component: Themes | Version:
Severity: major | Resolution:
Keywords: | Focuses: template
-------------------------+-----------------------
Changes (by pento):
* keywords: has-patch =>
* priority: normal => high
* status: closed => reopened
* resolution: fixed =>
* severity: normal => major
Comment:
I'm re-opening this ticket, as a problem as come up.
There are
[https://github.com/search?p=1&q=%22echo+get_template_part%22&type=Code a
lot of examples] of themes printing the return value of
`get_template_part()`. The function name implies that it returns
something, so this isn't really a surprising usage.
This causes two problems:
- Unexpected content being sent to the browser.
- A path disclosure security issue.
Unless anyone has good ideas for a workaround, we're going to need to
revert it.
Props @david.binda for discovering this.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40969#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list