[wp-trac] [WordPress Trac] #42450: Customize: Ensure customize_autosaved requests only use revision of logged-in user
WordPress Trac
noreply at wordpress.org
Mon Nov 6 23:04:36 UTC 2017
#42450: Customize: Ensure customize_autosaved requests only use revision of logged-
in user
--------------------------+-------------------
Reporter: westonruter | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.9.1
Component: Customize | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-------------------
To reproduce:
1. Make a change in the customizer to the site title.
2. Save draft.
3. Open the preview link in another tab, but then append with
`customize_autosaved=on` to the URL.
4. Make a second change to the site title, but do not Save Draft.
5. Switch to other tab (and reload) and see your second change appearing
in the tab even though you did't save draft.
6. Now open the preview URL from that other tab in an incognito window,
and you'll see the user's autosave revision also applying there
unexpectedly.
Previously #42433.
The logic for adding the `customize_autosaved` param to the frontend
preview URL (#39896) should get improved, in case a plugin does want to
preview the autosaved state. In the mean time, the preview link feature is
only intended for previewing the fully saved state, not autosaves.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42450>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list