[wp-trac] [WordPress Trac] #50781: 500 error caused by customize_changeset_uuid for non-authenticated users
WordPress Trac
noreply at wordpress.org
Wed Oct 21 10:23:53 UTC 2020
#50781: 500 error caused by customize_changeset_uuid for non-authenticated users
-------------------------------------------------+-------------------------
Reporter: bacardy4 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.6
Component: Customize | Version: 4.7
Severity: normal | Resolution:
Keywords: has-patch needs-refresh needs-unit- | Focuses:
tests |
-------------------------------------------------+-------------------------
Comment (by sumanm):
As suggested,
I have created a new patch
[attachment:"50781.3.patch"]
Replying to [comment:5 peterwilsoncc]:
Added additional check for:
> * It would be good to check if a theme or plugin has made changes in
`pre_handle_404` before doing anything in
`customize_changeset_preview_redirect`. If a theme or plugin has made
changes, defer to it. See `WP_Sitemaps::redirect_sitemapxml()`.
> Unexpected: an invalid format continues to throw a 500 error, eg:
> * `/?customize_changeset_uuid=7d5b3806-b477-4cdc-be3b-53bd4075583e-nope`
> * `/?customize_changeset_uuid=7d5b3806-`
> * `/?customize_changeset_uuid=7d5b3806-this-brak-esit-53bd4075583e`
Removed:
> * to throw a 404 whenever an invalid change set ID is included,
regardless of the format, the result of the `wp_is_uuid()` check on `src
/wp-includes/class-wp-customize-manager.php#L539` will need to be altered
too (see manual testing notes)
> * No need for the `X-Robots` http header, a 404 is basically a
supercharged `noindex`
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50781#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list