[wp-trac] [WordPress Trac] #50781: 500 error caused by customize_changeset_uuid for non-authenticated users
WordPress Trac
noreply at wordpress.org
Mon Jul 27 08:40:21 UTC 2020
#50781: 500 error caused by customize_changeset_uuid for non-authenticated users
--------------------------+-----------------------------
Reporter: bacardy4 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.4.2
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Hello,
I have noticed that if a non-authenticated user visits a URL containing
the following get parameter: `?customize_changeset_uuid=SOME_ID_HERE`
WordPress returns 500 error.
There should be no reason to allow bots to flood someones Apache log with
500 errors by simply adding a get parameter.
If a user is not authenticated and they add the
`?customize_changeset_uuid=ID_HERE` parameter they should either be
redirected or the get parameter should be ignored rather than getting a
500 error.
Thanks for the consideration.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50781>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list