Opened 12 months ago

Closed 12 months ago

Last modified 11 months ago

#20876 closed defect (bug) (fixed)

Customizer: Some error handling should be included, e.g. for cookie expiration

Reported by: ocean90 Owned by: ryan
Priority: normal Milestone: 3.4
Component: Appearance Version: 3.4
Severity: normal Keywords: has-patch commit
Cc:

Description

You are customizing your theme and suddenly your cookies are expired, then the Customizer doesn't show any notice.

Changes via postMessage are still visible, but changes which need an iframe refresh aren't visible, since the server response is an error. It includes the HTML page for the Cheatin’ uh? message.

Another problem is, when you try to save the changes. You can click the button, you will see the spinning image and the button text is changing to Saved. But it doesn't save anything, because the server response is an error again. Now a raw Cheatin’ uh? message.

Seems like we need an extra wp_die handler for the Customizer.

Attachments (7)

20876.patch (1.1 KB) - added by ocean90 12 months ago.
20876.2.patch (2.3 KB) - added by ocean90 12 months ago.
20876.3.patch (2.7 KB) - added by ocean90 12 months ago.
20876.4.patch (10.4 KB) - added by koopersmith 12 months ago.
20876.5.patch (10.4 KB) - added by koopersmith 12 months ago.
20876.diff (11.8 KB) - added by nacin 12 months ago.
20876.2.diff (14.8 KB) - added by koopersmith 12 months ago.

Download all attachments as: .zip

Change History (19)

ocean9012 months ago

comment:1   ocean9012 months ago

20876.patch is a first approach to handle error messages for iframe reloads.

ocean9012 months ago

ocean9012 months ago

comment:2   nacin12 months ago

  • Owner set to koopersmith
  • Status changed from new to assigned

The PHP should be considered done here. koopersmith is working on the JS.

I might step in and help with refreshing second-tick nonces if we find that to be something we should address.

koopersmith12 months ago

comment:3   koopersmith12 months ago

Latest patch adds JS to handle logins in the customizer (so you don't lose state), and handles cheaters.

comment:4   koopersmith12 months ago

  • Keywords has-patch added; needs-patch removed

Does not handle nonce refreshing.

koopersmith12 months ago

comment:5   koopersmith12 months ago

Updated to handle conflicts with trunk, add IFRAME_REQUEST to customize.php (which prevents is_admin_bar_showing() from returning true, amongst other things), and moves the wp-login customize enqueue_script to the necessary step. Also gets rid of debug cruft.

nacin12 months ago

comment:6   nacin12 months ago

20876.diff implements a nonce check for ajax previews, via the customize-preview-$stylesheet nonce. (Saves are already implemented with customize-controls-$stylesheet.) The preview nonce is then check for its nonce tick, and if in the second half of its life, fresh nonces are returned for both customize-controls and customize-preview. koopersmith will be cleaning up the JS and ensuring that, if new nonces are returned, they begin to get used for future previews and saves.

comment:7   koopersmith12 months ago

Adds nonce updating.

koopersmith12 months ago

comment:8   nacin12 months ago

  • Keywords commit added
  • Owner changed from koopersmith to ryan
  • Status changed from assigned to reviewing

20876.2.diff looks good. Ready for final review.

comment:9   ocean9012 months ago

Tested all three states, works fine for me.

comment:10   ryan12 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In [21031]:

Customizer: Gravefully handle cookie expipration. Prompt for log in in the preview. Props ocean90, koopersmith, nacin. fixes #20876

comment:11   nacin11 months ago

In [21135]:

Refresh nonces in the customizer. props koopersmith. see #20876.

comment:12   nacin11 months ago

In [21136]:

Refresh nonces in the customizer. props koopersmith. see #20876 for 3.4.

Note: See TracTickets for help on using tickets.