Wordpress inconsistently parsing "template name: xxx" in template files

admin

Administrator
Staff member
I started developing a custom theme for wordpress and I noticed an evident bug, which seems strange to me given the 'size' and popularity of Wordpress.

Wordpress uses a convention so that files named like page_mytemplatename.php are considered "page templates" and are parsed in order to populate the "Template" dropdown in page edit options.

It is known, intended and documented that writing a comment in a page template file stating

Code:
/* Template Name: myCustomTemplateNameHere */

tells wordpress to add "myCustomTemplateNameHere" to the dropdown.

Now... I would expect wordpress to be smart enough to look for the "Template Name: xxxx" pattern only in the first comment (and only if the first comment is the first thing at all in the .php file!) but instead I found that writing "template name: xxxxxxx" somewhere in ANY template OR in any file which is INCLUDED via 'include' or 'require' directive, causes wordpress to actually populate the menu with wathever garbage is written after the colon, even php code itself!

for example, a statement like this, in the middle of a file even indirectly included by 'include' directive

Code:
echo "current template name: " . $tpl_name;

will cause the appearance of a " . $tpl_name; template in the dropdown!

To my opinion, this seems totally unckecked and may lead to security issues in wordpress! this could potentially lead to some sort of injection, even thou I must admit it would be tricky to get there...

anyway, the fact that we seem not to be free to write a comment like

Code:
/* writing template name: namehere would cause wordpress to populate a dropdown */

or even writing code containing the sequence of characters "Template name: xxxx" without actually causing the side effect sounds like a bug to me.

also, I noticed it happens even if template name: xxxx is written inside included or required files... why this happens. does wordppress parse ALL files or even look for includes and parse included files? this would seem tricky and terribly wrong to me!

did I manage to show my point?

I am running WordPress 4.3.1 (pretty much the latest at the time of this writing)

can someone confirm this to be a bug I should keep in mind while I write my theme?

thank you.