WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 3 months ago

#31850 closed defect (bug) (fixed)

Customizer links should use canonical admin URL

Reported by: helen Owned by: westonruter
Milestone: 4.7.4 Priority: lowest
Severity: normal Version: 3.4
Component: Customize Keywords: has-patch commit fixed-major
Focuses: Cc:

Description

Now that we're removing some query args for notices (#23367), we need to ensure those aren't kept by the customizer return arg, lest users wonder why closing out of the customizer greets them with a message like "1 post moved to Trash".

Attachments (3)

31850.diff (2.1 KB) - added by dlh 7 months ago.
31850.2.diff (2.7 KB) - added by dlh 7 months ago.
Missed one.
31850.3.diff (2.8 KB) - added by westonruter 3 months ago.
Refresh patch

Download all attachments as: .zip

Change History (17)

#1 @johnbillion
2 years ago

Maybe the list of removable query args in wp_admin_canonical_url() does need to be in its own function.

#2 @helen
2 years ago

I think we probably need a true canonical admin URL, see #31603.

#3 @westonruter
2 years ago

#32280 was marked as a duplicate.

#4 @westonruter
2 years ago

Issue #32280 is regarding the behavior of clicking the Customize link just after having downloaded a plugin. Those query params need to be stripped as well from the return URL.

@dlh
7 months ago

@dlh
7 months ago

Missed one.

#5 @dlh
7 months ago

  • Keywords has-patch added; needs-patch removed

31850.2.diff would remove the wp_removable_query_args() from the locations I could find where the Customize return parameter was derived from $_SERVER['REQUEST_URI'].

#6 @westonruter
5 months ago

  • Priority changed from normal to lowest

@dlh to confirm, in practice a user will now never encounter the problem that this ticket originally describes because the WP_Customize_Manager::set_return_url() method does remove_query_arg( wp_removable_query_args(), $return_url ) itself. So the only benefit of 31850.2.diff is that it removes the removable query params from the return query param as it appears in the URL? As such, it would purely be a technical-cosmetic change?

#7 @dlh
5 months ago

@westonruter As far as I can tell, yes, your description is accurate.

This ticket was mentioned in Slack in #core-customize by melchoyce. View the logs.


3 months ago

#9 @westonruter
3 months ago

  • Keywords commit added
  • Milestone changed from Future Release to 4.7.4
  • Owner set to westonruter
  • Status changed from new to accepted
  • Version set to 3.4

#10 @swissspidy
3 months ago

remove_query_arg( wp_removable_query_args(), $url ) is also used by WP_Customize_Manager::set_return_url() and two other places in core. Would a new remove_removable_query_args() function make sense to make this more DRY?

#11 @westonruter
3 months ago

@swissspidy I think the cost of adding yet another global function outweighs the benefits of DRY in this case, since the duplicated code is almost inconsequential.

@westonruter
3 months ago

Refresh patch

#12 @westonruter
3 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 40313:

Customize: Prevent links to customize.php from being generated which have query vars from wp_removable_query_args() present.

Props dlh.
See #23367, #32692.
Fixes #31850.

#13 @westonruter
3 months ago

  • Keywords fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Re-opening for consideration in 4.7.4

#14 @swissspidy
3 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 40331:

Customize: Prevent links to customize.php from being generated which have query vars from wp_removable_query_args() present.

Props dlh.
See #23367, #32692.
Fixes #31850.

Merges [40313] to the 4.7 branch.

Note: See TracTickets for help on using tickets.