Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#20876 closed defect (bug) (fixed)

Customizer: Some error handling should be included, e.g. for cookie expiration

Reported by: ocean90 Owned by: ryan
Milestone: 3.4 Priority: normal
Severity: normal Version: 3.4
Component: Customize Keywords: has-patch commit
Focuses: Cc:


You are customizing your theme and suddenly your cookies are expired, then the Customizer doesn't show any notice.

Changes via postMessage are still visible, but changes which need an iframe refresh aren't visible, since the server response is an error. It includes the HTML page for the Cheatin’ uh? message.

Another problem is, when you try to save the changes. You can click the button, you will see the spinning image and the button text is changing to Saved. But it doesn't save anything, because the server response is an error again. Now a raw Cheatin’ uh? message.

Seems like we need an extra wp_die handler for the Customizer.

Attachments (7)

20876.patch (1.1 KB) - added by ocean90 2 years ago.
20876.2.patch (2.3 KB) - added by ocean90 2 years ago.
20876.3.patch (2.7 KB) - added by ocean90 2 years ago.
20876.4.patch (10.4 KB) - added by koopersmith 2 years ago.
20876.5.patch (10.4 KB) - added by koopersmith 2 years ago.
20876.diff (11.8 KB) - added by nacin 2 years ago.
20876.2.diff (14.8 KB) - added by koopersmith 2 years ago.

Download all attachments as: .zip

Change History (19)

ocean902 years ago

comment:1 ocean902 years ago

20876.patch is a first approach to handle error messages for iframe reloads.

ocean902 years ago

ocean902 years ago

comment:2 nacin2 years ago

  • Owner set to koopersmith
  • Status changed from new to assigned

The PHP should be considered done here. koopersmith is working on the JS.

I might step in and help with refreshing second-tick nonces if we find that to be something we should address.

koopersmith2 years ago

comment:3 koopersmith2 years ago

Latest patch adds JS to handle logins in the customizer (so you don't lose state), and handles cheaters.

comment:4 koopersmith2 years ago

  • Keywords has-patch added; needs-patch removed

Does not handle nonce refreshing.

koopersmith2 years ago

comment:5 koopersmith2 years ago

Updated to handle conflicts with trunk, add IFRAME_REQUEST to customize.php (which prevents is_admin_bar_showing() from returning true, amongst other things), and moves the wp-login customize enqueue_script to the necessary step. Also gets rid of debug cruft.

nacin2 years ago

comment:6 nacin2 years ago

20876.diff implements a nonce check for ajax previews, via the customize-preview-$stylesheet nonce. (Saves are already implemented with customize-controls-$stylesheet.) The preview nonce is then check for its nonce tick, and if in the second half of its life, fresh nonces are returned for both customize-controls and customize-preview. koopersmith will be cleaning up the JS and ensuring that, if new nonces are returned, they begin to get used for future previews and saves.

comment:7 koopersmith2 years ago

Adds nonce updating.

koopersmith2 years ago

comment:8 nacin2 years ago

  • Keywords commit added
  • Owner changed from koopersmith to ryan
  • Status changed from assigned to reviewing

20876.2.diff looks good. Ready for final review.

comment:9 ocean902 years ago

Tested all three states, works fine for me.

comment:10 ryan2 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In [21031]:

Customizer: Gravefully handle cookie expipration. Prompt for log in in the preview. Props ocean90, koopersmith, nacin. fixes #20876

comment:11 nacin2 years ago

In [21135]:

Refresh nonces in the customizer. props koopersmith. see #20876.

comment:12 nacin2 years ago

In [21136]:

Refresh nonces in the customizer. props koopersmith. see #20876 for 3.4.

Note: See TracTickets for help on using tickets.