Make WordPress Core

Opened 3 years ago

Last modified 3 years ago

#31010 new enhancement

Frontend / Admin specifications for AJAX

Reported by: danielpataki Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.2
Component: General Keywords:
Focuses: Cc:


I recently ran into an issue, not sure where this belongs exactly. If you load posts in Twenty Fifteen via AJAX (by detecting pagination clicks) the images will be narrower, take a look:


This happens because when an image is shown, somewhere down the line the image_constrain_size_for_editor() function is called which is in media.php. If a context is not given it uses is_admin() to detect where the request is from.

The problem is that admin-ajax.php is always considered to be in the admin, since it technically is. However, the AJAX request comes from the front-end and the response is used on the front end as well. Here is one method to get around this problem:

$posts = new WP_Query( $query_vars );
add_filter( 'editor_max_image_size', 'my_image_size_override' ); 
if( ! $posts->have_posts() ) { 
    get_template_part( 'content', 'none' );
else {
    while ( $posts->have_posts() ) { 
        get_template_part( 'content', get_post_format() );
remove_filter( 'editor_max_image_size', 'my_image_size_override' );

This could also be addressed by providing a parameter that is passed to admin-ajax. Just as action is used to transfer the action, another parameter could be added to indicate the origin. I'm not a huge AJAX expert and I'm not sure if this causes any security issues so I am refraining from adding any patches. Aside from the security issue I assume this would affect a lot of functions.

Change History (2)

#1 follow-up: @helen
3 years ago

image_constrain_size_for_editor() drives me nuts and seems to cause seemingly-strange, hard-to-track-down bugs like this as often as not. I wonder if it's time to lose it, what with responsive design and all.

#2 in reply to: ↑ 1 @danielpataki
3 years ago

I agree, this is probably best resolved in the MCE editor end of things. Possible security issues aside, if a parameter is added to an AJAX call the check for that parameter would need to be added to a LOT of lower level functions which probably doesn't make sense.

I'm not too good at the TinyMCE either but I will look into creating a patch for this on that end. I'm glad I'm not the only one who found this a bit weird :)


Note: See TracTickets for help on using tickets.