[wp-trac] [WordPress Trac] #50781: 500 error caused by customize_changeset_uuid for non-authenticated users
WordPress Trac
noreply at wordpress.org
Tue Oct 20 04:29:13 UTC 2020
#50781: 500 error caused by customize_changeset_uuid for non-authenticated users
-------------------------------------------------+-------------------------
Reporter: bacardy4 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.6
Component: Customize | Version: 4.7
Severity: normal | Resolution:
Keywords: has-patch needs-refresh needs-unit-tests | Focuses:
-------------------------------------------------+-------------------------
Changes (by peterwilsoncc):
* keywords: has-patch => has-patch needs-refresh needs-unit-tests
Comment:
For [attachment:"50781.2.diff"]:
* to throw a 404 whenever an invalid change set ID is included, regardless
of the format, the result of the `wp_is_uuid()` check on
`src/wp-includes/class-wp-customize-manager.php#L539` will need to be
altered too (see manual testing notes)
* No need for the `X-Robots` http header, a 404 is basically a
supercharged `noindex`
* Setting a 404 via `pre_handle_404` will also set the no cache headers
* It would be good to check if a theme or plugin has made changes in
`pre_handle_404` before doing anything in
`customize_changeset_preview_redirect`. If a theme or plugin has made
changes, defer to it. See `WP_Sitemaps::redirect_sitemapxml()`.
From manual testing, this is what is happening at the moment:
Expected outcomes:
* Valid change sets continue to display preview as expected
* Invalid ID in the expected format (eg,
`7d5b3806-b477-4cdc-be3b-53bd4075583f`) shows a 404
Unexpected: an invalid format continues to throw a 500 error, eg:
* `/?customize_changeset_uuid=7d5b3806-b477-4cdc-be3b-53bd4075583e-nope`
* `/?customize_changeset_uuid=7d5b3806-`
* `/?customize_changeset_uuid=7d5b3806-this-brak-esit-53bd4075583e`
Some tests would be dandy too.
The customizer is fairly well tested as is so before putting this in it
would be good to set up a pull request and run it through the tests matrix
just in case it affects an existing test.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50781#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
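
The outcomes the comment above asks for, sketched as a standalone PHP script. This is an added example, not code from the ticket, the attached patch, or WordPress core: `changeset_outcome()`, the `$exists` lookup and the first sample UUID are hypothetical or constructed, and the regex is an assumption about the expected UUID format.

```php
<?php
// Added example with hypothetical names; not WordPress core code.
// Assumption: a changeset ID is a lowercase 8-4-4-4-12 hex string.
const UUID_SHAPE = '/\A[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}\z/';

/**
 * Decide how a front-end request carrying customize_changeset_uuid is answered.
 *
 * @param array    $query   Parsed query-string parameters.
 * @param mixed    $preempt Value an earlier pre_handle_404-style handler returned (false = none).
 * @param callable $exists  Hypothetical lookup: fn(string $uuid): bool.
 * @return string 'normal', 'deferred', 'preview' or '404'.
 */
function changeset_outcome( array $query, $preempt, callable $exists ): string {
    if ( $preempt ) {
        return 'deferred'; // A theme or plugin already decided; do not override it.
    }
    if ( ! array_key_exists( 'customize_changeset_uuid', $query ) ) {
        return 'normal';
    }
    $uuid = $query['customize_changeset_uuid'];
    // Non-string and malformed values are rejected before any lookup runs,
    // so bad input ends in a 404 instead of reaching code that assumes a UUID.
    if ( ! is_string( $uuid ) || 1 !== preg_match( UUID_SHAPE, $uuid ) ) {
        return '404';
    }
    return $exists( $uuid ) ? 'preview' : '404';
}

// Constructed data: one "saved" changeset, then the IDs quoted in the comment.
$saved  = array( '11111111-2222-4333-8444-555555555555' );
$exists = function ( string $uuid ) use ( $saved ): bool {
    return in_array( $uuid, $saved, true );
};
$urls = array(
    '/?customize_changeset_uuid=11111111-2222-4333-8444-555555555555',
    '/?customize_changeset_uuid=7d5b3806-b477-4cdc-be3b-53bd4075583f',
    '/?customize_changeset_uuid=7d5b3806-b477-4cdc-be3b-53bd4075583e-nope',
    '/?customize_changeset_uuid=7d5b3806-',
    '/?customize_changeset_uuid=7d5b3806-this-brak-esit-53bd4075583e',
);
foreach ( $urls as $url ) {
    parse_str( (string) parse_url( $url, PHP_URL_QUERY ), $query );
    printf( "%-70s => %s\n", $url, changeset_outcome( $query, false, $exists ) );
}
```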