Make WordPress Core

Opened 8 years ago

Last modified 3 years ago

#40440 new defect (bug)

Save permalink without send form

Reported by: sebastianpisula's profile sebastian.pisula Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Rewrite Rules Keywords: has-patch close 2nd-opinion
Focuses: Cc:

Description

if somebody open wp-admin/options-permalink.php, .htaccess are genereate and save without click submit button.

I report this bug as security issue but during send messages with John Blackbourn we have determined that this isn't a security bug so I add ticket as public.

Attachments (1)

fix.patch (657 bytes) - added by sebastian.pisula 8 years ago.

Download all attachments as: .zip

Change History (9)

#1 @sebastian.pisula
8 years ago

  • Keywords has-patch added

#2 @lukecavanagh
8 years ago

fix.patch Patch applies cleanly and does fix that issue. Confirmed on a live site that .htaccess was being written to on permalink options load and not permlink options save.

#3 follow-up: @afercia
8 years ago

I think this has always been intentional. and not an issue per se. Maybe worth discussing on the whys.

See https://codex.wordpress.org/Settings_Permalinks_Screen

Note: Visiting the Permalinks screen triggers a flush of rewrite rules. There is no need to save just to flush the rewrite rules.

#4 @lukecavanagh
8 years ago

Seems like the default should be on save, rather than on load though?

https://codex.wordpress.org/Settings_Permalinks_Screen#Save_Changes

Last edited 8 years ago by lukecavanagh (previous) (diff)

#5 @sebastian.pisula
8 years ago

I think this is a bad thing because the record should be forced by the user.

Version 0, edited 8 years ago by sebastian.pisula (next)

#6 in reply to: ↑ 3 @SergeyBiryukov
8 years ago

Introduced in [1664], modified in [1752], [3373], [20023].

Replying to afercia:

I think this has always been intentional. and not an issue per se. Maybe worth discussing on the whys.

Right, this was mentioned in #forums last night, noted quite a few times here and there before, and has been somewhat of a hidden feature for 13 years :)

#7 @bradleyt
3 years ago

  • Keywords close 2nd-opinion added

Anecdotally I think after close to 2 decades of this behaviour, many people in the WordPress community know to expect this functionality, and changing the behaviour now could cause more confusion than it solves. Any change to functionaliy here needs to be very clearly communicated through dev-notes and the like.

I do profess to have been confused by this behaviour myself when I first started using WordPress's rewrite rule system, but on balance I'm not keen on this changing. Flushing rewrite rules should have a minor performance impact for most sites, options-permalink.php is unlikely to be a frequently visited part of the admin area, and given that plugins can and do frequently call flush_rewrite_rules from arbitrary points, any theme or plugin should be able to handle unexpected rewrite rule flushes.

Therefore I'd like to propose this ticket is closed as wontfix.

#8 @SergeyBiryukov
3 years ago

#54466 was marked as a duplicate.

Note: See TracTickets for help on using tickets.