WordPress.org

Make WordPress Core

Opened 14 months ago

Closed 5 months ago

#36952 closed defect (bug) (fixed)

get_theme_mod called when getting the root value of a custom type

Reported by: jontis Owned by: dlh
Milestone: 4.7.3 Priority: normal
Severity: normal Version: 4.4
Component: Customize Keywords: has-patch has-unit-tests fixed-major
Focuses: Cc:

Description

Notice the else if statement

/* wp-includes/class-wp-customize-setting.php:533 */
protected function get_root_value( $default = null ) {
                $id_base = $this->id_data['base'];
                if ( 'option' === $this->type ) {
                        return get_option( $id_base, $default );
                } else if ( 'theme_mod' ) {
                        return get_theme_mod( $id_base, $default );
                } else {
                        /*
                         * Any WP_Customize_Setting subclass implementing aggregate multidimensional
                         * will need to override this method to obtain the data from the appropriate
                         * location.
                         */
                        return $default;
                }
        }

Same bug applies to set_root_value

This can cause the Customizer to fail loading with the error
"sprintf(): Too few arguments"
On the sprintf function in get_theme_mod if $default is a string containing more than two % (percentage symbols)

Attachments (2)

36952.diff (875 bytes) - added by dlh 6 months ago.
36952.2.diff (2.0 KB) - added by dlh 6 months ago.

Download all attachments as: .zip

Change History (15)

#1 follow-up: @ocean90
14 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed
  • Version 4.5.2 deleted

Hello @jontis, welcome to this Trac!

Thanks for your valid report. We're already tracking this issue in #34290.

#2 in reply to: ↑ 1 @jontis
14 months ago

Replying to ocean90:

Hello @jontis, welcome to this Trac!

Thanks for your valid report. We're already tracking this issue in #34290.

Issue #34290 does not mention the odd else if statement in get_root_value

<?php
else if ( 'theme_mod' )

This ticket was mentioned in Slack in #core-customize by dlh. View the logs.


6 months ago

@dlh
6 months ago

#4 @dlh
6 months ago

  • Resolution duplicate deleted
  • Status changed from closed to reopened

I might be misreading something, but it looks to me like @jontis is correct that this issue is not quite a duplicate of #34290. 36952.diff would update the two instances of if ( 'theme_mod' ) without comparisons to anything.

#5 @westonruter
6 months ago

  • Keywords has-patch needs-unit-tests added
  • Milestone set to 4.7.3
  • Version set to 4.4

Wow, youch! That is a sad bug in \WP_Customize_Setting::get_root_value()! Introduced by me (😳) in r35007 for #32103.

#6 @westonruter
6 months ago

@dlh would you be able to add unit tests to your patch to demonstrate the problem and the proven fix?

#7 @dlh
6 months ago

Yes, I should be able to in the next few days.

#8 @westonruter
6 months ago

  • Owner set to dlh
  • Status changed from reopened to assigned

@dlh
6 months ago

#9 @dlh
6 months ago

  • Keywords has-unit-tests added; needs-unit-tests removed

36952.2.diff amends the WP_Customize_Setting tests so that they trigger the bug in get_root_value().

Currently, core calls set_root_value() only in WP_Customize_Setting::update(), and even then, only after checking whether 'option' === $this->type || 'theme_mod' === $this->type. So, I think only a setting class with custom logic could trigger the set_root_value() bug. Let me know if you'd like me to add one to the tests.

#10 @westonruter
6 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 40036:

Customize: Ensure root values are accessible in multidimensional custom setting types.

Fixes bad conditions in WP_Customize_Setting::get_root_value() and WP_Customize_Setting::set_root_value().

Props dlh.
Amends [35007].
See #32103.
Fixes #36952.

#11 @westonruter
6 months ago

  • Keywords fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Re-opening for 4.7.3

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


6 months ago

#13 @dd32
5 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 40088:

Customize: Ensure root values are accessible in multidimensional custom setting types.

Fixes bad conditions in WP_Customize_Setting::get_root_value() and WP_Customize_Setting::set_root_value().

Props dlh, westonruter.
Amends [35007].
Merges [40036] to the 4.7 branch.
See #32103.
Fixes #36952.

Note: See TracTickets for help on using tickets.