Opened 8 years ago
Last modified 3 years ago
#40440 new defect (bug)
Save permalink without send form
Reported by: | sebastian.pisula | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Rewrite Rules | Keywords: | has-patch close 2nd-opinion |
Focuses: | Cc: |
Description
if somebody open wp-admin/options-permalink.php, .htaccess are genereate and save without click submit button.
I report this bug as security issue but during send messages with John Blackbourn we have determined that this isn't a security bug so I add ticket as public.
Attachments (1)
Change History (9)
#3
follow-up:
↓ 6
@
8 years ago
I think this has always been intentional. and not an issue per se. Maybe worth discussing on the whys.
See https://codex.wordpress.org/Settings_Permalinks_Screen
Note: Visiting the Permalinks screen triggers a flush of rewrite rules. There is no need to save just to flush the rewrite rules.
#4
@
8 years ago
Seems like the default should be on save, rather than on load though?
https://codex.wordpress.org/Settings_Permalinks_Screen#Save_Changes
#5
@
8 years ago
I think this is a bad thing because the record should be forced by the user.
#6
in reply to:
↑ 3
@
8 years ago
Introduced in [1664], modified in [1752], [3373], [20023].
Replying to afercia:
I think this has always been intentional. and not an issue per se. Maybe worth discussing on the whys.
Right, this was mentioned in #forums last night, noted quite a few times here and there before, and has been somewhat of a hidden feature for 13 years :)
#7
@
3 years ago
- Keywords close 2nd-opinion added
Anecdotally I think after close to 2 decades of this behaviour, many people in the WordPress community know to expect this functionality, and changing the behaviour now could cause more confusion than it solves. Any change to functionaliy here needs to be very clearly communicated through dev-notes and the like.
I do profess to have been confused by this behaviour myself when I first started using WordPress's rewrite rule system, but on balance I'm not keen on this changing. Flushing rewrite rules should have a minor performance impact for most sites, options-permalink.php
is unlikely to be a frequently visited part of the admin area, and given that plugins can and do frequently call flush_rewrite_rules
from arbitrary points, any theme or plugin should be able to handle unexpected rewrite rule flushes.
Therefore I'd like to propose this ticket is closed as wontfix.
fix.patch Patch applies cleanly and does fix that issue. Confirmed on a live site that .htaccess was being written to on permalink options load and not permlink options save.