Closed cericoda closed 6 years ago
OK, I checked with wpvulndb and they have corrected the entry so this can be closed.
As an update, the entry kept being updated back to being incorrect, and I have just been advised 'this is currently a problem we are aware of. There is an avada entry on wordpress too and they only differ in case which we currently can't differentiate. This would involve major code changes so the fix for this will take a longer time.'
I thought that casing didn't matter, but after some googling I found https://tools.ietf.org/html/std66#section-6.2.2.1 which says that path is case sensitive. IMO wp-sec should handle names transparently, so being agnostic about the casing.
That being said, it doesn't provide a solution for the Avada theme and maybe other themes/plugins as well. As a temporary solution (until wpvulndb fixes the casing) we could implement a translation table in the form of a translation.txt file placed in the CWD, from which wp-sec could do the "right" curl request. It shouldn't be too hard to implement this. Maybe this is something you can create a PR for?
Hi,
Actually, I have thought about this and I did ask for a bit more info from the wpvulndb guys about the nature of their problem, and they said that the reason that they had an issue was that their database was case insensitive, so while WordPress is case sensitive in this respect, wpvulndb is not.
This means that lower case can be used in all instances. So I think that the best solution would be to add an option 'coerce-lower-case' which will coerce all theme, plugin and core names to be lower case when queried against wpvulndb.
By using this flag, it will fix the error. Once the wpvulndb team have sorted out their database, the plugin will have errors again, and the flag won't need to be used any more. Sound OK for a PR?
Agreed, I think it won't do any harm. Maybe in the future it will, but a fix is easily made by then. So yes, I'll be happy to merge a PR for that.
Hi @markri just a note - I noticed I had the problem again with lowercase (using api v2) so I think the problem still exists (you mentioned in the readme that the problem doesn't seem to exist any more).
I have a question about themes, I have noticed that I am getting an error for the theme 'Avada'. The theme has a capitalized first letter, and the wpvulndb entry is:- https://wpvulndb.com/api/v2/themes/Avada
The JSON on that page lists the theme name as avada. Is this a problem that wp-sec should solve or should I take this up with wpvulndb, do you think?
EDIT: In any case the discrepancy causes wp-sec to crash with the following error:- Error: Unexpected response from wpvulndb for theme Avada
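Added example, not part of the thread and not wp-sec's own code: a Python sketch of the 'coerce-lower-case' lookup discussed above, plus a response check that tolerates a case difference between the requested name and the returned name instead of aborting the scan. The function names and the response shape (a JSON object keyed by the item name, with a "vulnerabilities" field) are assumptions.

```python
import json
from urllib.parse import quote

API_BASE = "https://wpvulndb.com/api/v2"  # base URL as quoted in the thread


def build_url(kind, name, coerce_lower_case=False):
    """Build the lookup URL; kind is 'themes' or 'plugins'."""
    slug = name.lower() if coerce_lower_case else name
    return f"{API_BASE}/{kind}/{quote(slug, safe='')}"


def extract_entry(body, name):
    """Return (matched_key, entry) for `name` from a JSON response body.

    An exact-case key wins. Otherwise a single key that differs only in
    case is accepted. Several case variants with no exact match are
    rejected, so results are never attributed to the wrong item.
    """
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("response is not a JSON object")
    if name in data:
        return name, data[name]
    matches = [k for k in data if k.lower() == name.lower()]
    if len(matches) == 1:
        return matches[0], data[matches[0]]
    if not matches:
        raise LookupError(f"no entry for {name!r} in response")
    raise LookupError(f"ambiguous entries for {name!r}: {sorted(matches)}")


# Constructed sample: the installed theme is 'Avada', the response says 'avada'.
# The keyed-by-name layout and the "vulnerabilities" field are assumptions.
SAMPLE = '{"avada": {"vulnerabilities": []}}'

if __name__ == "__main__":
    print(build_url("themes", "Avada", coerce_lower_case=True))
    print(extract_entry(SAMPLE, "Avada"))
```

Reporting the matched key alongside the entry lets the scanner log when it fell back to a case-insensitive match, so a later change on the wpvulndb side shows up in the output rather than as a silently skipped theme.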