[wp-trac] [WordPress Trac] #45346: Varnish querystring.sort can break load-styles.php
WordPress Trac
noreply at wordpress.org
Wed Nov 14 11:26:41 UTC 2018
#45346: Varnish querystring.sort can break load-styles.php
--------------------------+-----------------------------
Reporter: rabin.io | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.9.8
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
If one use Varnish with this snippet
{{{
# Sort the querystring parameters, so different orders of the same
produce a single cache object.
if (req.url ~ "\?") {
set req.url = querystring.sort(req.url);
}
}}}
And if load-styles.php get an array for the load parameter and this
parameter is sorted, it can break the page by not loading all the style
elements.
e.g:
this url
{{{
/load-styles.php?c=0&dir=rtl&load[]=dashicons,admin-bar,common,forms
,admin-menu,dashboard,list-tables,edit,revisions,media,themes,about,nav-
menus,wp-pointer,widgets&load[]=,site-icon,l10n,buttons&ver=4.9.8
}}}
the array will look like this after sorting
{{{
[load] => Array
(
[0] => dashicons,admin-bar,common,forms,admin-menu,dashboard
,list-tables,edit,revisions,media,themes,about,nav-menus,wp-
pointer,widgets
[1] => ,site-icon,l10n,buttons
)
}}}
and the result will be,
{{{
Array
(
[0] =>
[1] => site-icon
[2] => l10n
[3] => buttonsdashicons <-------- this is the problem
[4] => admin-bar
[5] => common
[6] => forms
[7] => admin-menu
[8] => dashboard
[9] => list-tables
[10] => edit
[11] => revisions
[12] => media
[13] => themes
[14] => about
[15] => nav-menus
[16] => wp-pointer
[17] => widgets
)
}}}
the fix is very simple,
{{{
diff --git a/wp-admin/load-styles.php b/wp-admin/load-styles.php
index de20881..f45cfe2 100644
--- a/wp-admin/load-styles.php
+++ b/wp-admin/load-styles.php
@@ -20,7 +20,8 @@ require( ABSPATH . WPINC . '/version.php' );
$load = $_GET['load'];
if ( is_array( $load ) ) {
- $load = implode( '', $load );
+ $load = array_map( function ($item) { return trim($item, ','); },
$load );
+ $load = implode( ',', $load );
}
$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
$load = array_unique( explode( ',', $load ) );
}}}
but is it the right solution ?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45346>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list