Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#38719 closed defect (bug) (fixed)

Prevent trashed customize_changeset posts from being erroneously mutated

Reported by: westonruter Owned by: westonruter
Milestone: 4.7 Priority: normal
Severity: normal Version:
Component: Customize Keywords: has-patch has-unit-tests
Focuses: Cc:

Description (last modified by westonruter)

When revisions support is not added for customize_changeset posts, then when a changeset is transitioned (from auto-draft) to the publish status, then it will immediately be transitioned to trash so that it will be garbage collected. There are two problems with this right now in core:

  1. If any of the JSON content has any strings containing HTML that kses doesn't like, it will get stripped when calling wp_trash_post() (if a privileged user is not logged in when published. e.g. during WP Cron). See #38715.
  2. The post_name is mutated by appending __trashed. This is problematic when someone bookmarks a customizer session. If they return to the session and the changeset has been published or trashed, they should be shown a notice to that effect. With the suffix being added, this then fails for trashed changesets.

See _wp_customize_publish_changeset() for where wp_trash_post() is called.

Attachments (2)

38719.wip.diff (1.1 KB) - added by westonruter 5 years ago.
38719.0.diff (5.2 KB) - added by westonruter 5 years ago.

Download all attachments as: .zip

Change History (6)

#1 @westonruter
5 years ago

  • Description modified (diff)
  • Owner set to westonruter
  • Status changed from new to accepted

#2 @westonruter
5 years ago

  • Description modified (diff)

#3 @westonruter
5 years ago

  • Keywords has-patch has-unit-tests added

#4 @westonruter
5 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 39180:

Customize: Prevent post_content and post_name from being modified when trashing customize_changeset posts.

See #30937.
Fixes #38719.

Note: See TracTickets for help on using tickets.