WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

#35355 closed defect (bug) (fixed)

Customizer should not try to return to the login screen

Reported by: celloexpressions Owned by: westonruter
Milestone: 4.4.2 Priority: normal
Severity: normal Version: 4.4
Component: Customize Keywords: has-patch commit fixed-major
Focuses: Cc:

Description

In #32637, we based the action of the Customizer close button on the referring URL. However, if the login URL is accessed on the way to the Customizer, this results in a mess of redirects and confusing behavior for the user (while also inducing fear that their changes were not saved/published).

The main reason I opened #32637 in the first place was for when someone has a Customizer link bookmarked or enters it directly; however, these are the very situations where they are most likely to need to log in first, causing this bug.

There are two options for fixing this behavior - adding something to prevent the login page from being accessed explicitly, or removing the behavior of trying to find the referrer entirely in favor of the preview URL and/or home URL fallbacks. It would probably be better to go with the first option, although my concern with that approach is that there may be other cases like that where returning to the referring URL causes problems.

Attachments (2)

35355.patch (845 bytes) - added by chandrapatel 2 years ago.
Exclude login page from referer page in customizer.
35355.2.diff (1.6 KB) - added by westonruter 2 years ago.

Download all attachments as: .zip

Change History (9)

@chandrapatel
2 years ago

Exclude login page from referer page in customizer.

#1 @chandrapatel
2 years ago

  • Keywords has-patch added; needs-patch removed

Hi @celloexpressions

Actually, I have added one array which contain pages name need to exclude from referer url. In future, We can add more pages name in that array to exclude from referer in customizer page.

I have uploaded patch file. Please check and let me know if its fine.

Regards, Chandra

#2 @celloexpressions
2 years ago

  • Owner set to westonruter
  • Status changed from new to reviewing

Patch looks good to me. Not too complex, so we may want to add it to 4.4.2 also.

@westonruter
2 years ago

#3 @westonruter
2 years ago

  • Keywords commit added
  • Milestone changed from 4.5 to 4.4.2

Good work guys. This is a bug I've noticed myself as well.

In 35355.2.diff I also included an update to the unit test to explicitly check that wp-login.php is excluded from being an allowed referrer.

#4 @westonruter
2 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 36261:

Customizer: Prevent erroneously directing user to login screen when closing.

Fixes issue where user gets stuck at login screen after trying to close the app if previously they had to first login to access the Customizer. Prevents WP_Customize_Manager::get_return_url() from using wp-login.php as a referer.

Props chandrapatel.
See #32637.
Fixes #35355.

#5 @westonruter
2 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Re-opening for 4.4.2 consideration.

#6 @dd32
2 years ago

  • Keywords fixed-major added

#7 @dd32
2 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 36363:

Customizer: Prevent erroneously directing user to login screen when closing.

Fixes issue where user gets stuck at login screen after trying to close the app if previously they had to first login to access the Customizer. Prevents WP_Customize_Manager::get_return_url() from using wp-login.php as a referer.

Merges [36261] to the 4.4 branch.
Props chandrapatel.
See #32637.
Fixes #35355.

Note: See TracTickets for help on using tickets.