[wp-trac] [WordPress Trac] #16773: Unescaped preg_match breaks with PHP 5.3 Namespaced Widget Classes.
WordPress Trac
noreply at wordpress.org
Fri Aug 28 13:49:51 UTC 2020
#16773: Unescaped preg_match breaks with PHP 5.3 Namespaced Widget Classes.
-------------------------------------------------+-------------------------
Reporter: 5ubliminal | Owner:
| SergeyBiryukov
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 5.6
Component: Widgets | Version: 3.1
Severity: minor | Resolution:
Keywords: needs-unit-tests needs-testing | Focuses:
needs-refresh close |
-------------------------------------------------+-------------------------
Comment (by jipmoors):
Have been reproducing the problem.
In the current code if a widget (in a namespace) is registered without
providing a "base id"
- The widget page will not be able to distinguish between multiple
instances of this widget
- The customizer will only show one instance of the widget
- The customizer will not show the widget in the "add widget"-selection
Changing the "strtolower" to "sanitize_key" will solve all these problems.
Though this seems to be a backwards-compatibility risk, if the widget name
would change the widgets will disappear from the site.
Only changing the `strtolower` to `sanitize_key` for classes will solve
the problem.
Though widgets with namespaces will be gone from the sites.
So that is a problem to still solve.
Applying the `preg_quote`, mentioned in the original report seems like a
no-brainer to make sure duplicate instances of these widgets can work on
the 'widgets' page.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16773#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list