[wp-hackers] Potential (security) issue with Twenty Ten?
Bjorn Wijers
burobjorn at gmail.com
Sat Jan 8 13:08:48 UTC 2011
Peter & Mike,
Thanks for clearing this up. Next time when I suspect a security issue
I'll contact and use the appropriate channels.
@Peter: out of curiosity: could you give an example when gettext does
not provide a solution and an extra php file is needed?
met vriendelijke groet,
Bjorn Wijers
* b u r o b j o r n .nl *
digitaal vakmanschap | digital craftsmanship
Werkdagen:
Van maandag t/m donderdag vanaf 10:00
Vrijdag is voor experimenteren en eigen projecten.
Concordiastraat 68-126
3551 EM Utrecht
The Netherlands
tel: +31 6 49 74 78 70
http://www.burobjorn.nl
On 01/06/2011 12:26 PM, Bjorn Wijers wrote:
> Hi,
>
> Not sure if this is the right place to discuss this, so please point me
> in the right direction if this should be discussed somewhere else...
>
> I was looking at Twenty Ten and noticed this piece of code below the
> theme textdomain loading in the functions.php:
>
> 91 load_theme_textdomain( 'twentyten', TEMPLATEPATH . '/languages' );
> 92
> 93 $locale = get_locale();
> 94 $locale_file = TEMPLATEPATH . "/languages/$locale.php";
> 95 if ( is_readable( $locale_file ) )
> 96 require_once( $locale_file );
>
> Source:
> http://core.trac.wordpress.org/browser/trunk/wp-content/themes/twentyten/functions.php
>
>
> I do not understand why after loading the theme's translations files
> another file ($locale.php) is included. Also the $locale, as far as I
> can see although I haven't dived into it, does not get escaped. Somehow
> this looks kinda funky.
>
> Can somebody explain why this of code is included in Twenty Ten? And why
> this is used after already loading the translations using
> load_theme_textdomain() function.
>
> grtz
> BjornW
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> (http://core.trac.wordpress.org/browser/trunk/wp-content/themes/twentyten/functions.php#L93
>
>
>
>
>
>
More information about the wp-hackers
mailing list