Make WordPress Core

Opened 2 years ago

Closed 15 months ago

#44108 closed enhancement (fixed)

wp-admin/load-styles.php returns 200 status code and empty response if required GET parameter is missing or invalid

Reported by: compilenix Owned by: SergeyBiryukov
Milestone: 5.3 Priority: low
Severity: major Version:
Component: Script Loader Keywords: has-patch dev-feedback needs-testing
Focuses: Cc:


It happend to me that a nginx reverse proxy did cut off all query parameters.
This resulted in no CSS and JS for the WP backend / login.

Because the request was manipulated by a (reverse-) proxy i wasn't able to see that the request passed to wordpress was indeed "invalid", beacuse the load[] parameter is required to do something meaningful.

I want to add a small patch which checks if the load[] parameter is set and is formally valid.
In the case where the load[] parameter isn't valid there should be an appropiate indicator that there is something wrong.
With this I'm aiming to make it easier, for a developer or system administrator, to find this kind of "error".

Attachments (1)

44108.diff (2.8 KB) - added by compilenix 2 years ago.

Download all attachments as: .zip

Change History (11)

2 years ago

This ticket was mentioned in Slack in #core-committers by compilenix. View the logs.

2 years ago

#2 @swissspidy
2 years ago

  • Component changed from General to Script Loader
  • Keywords has-patch dev-feedback needs-testing added

#3 @johnbillion
2 years ago

  • Milestone changed from Awaiting Review to 5.0
  • Owner set to johnbillion
  • Priority changed from normal to low
  • Severity changed from trivial to major
  • Status changed from new to reviewing
  • Version trunk deleted

Thanks for the patch, @compilenix, and welcome to WordPress Trac!

#4 @johnbillion
2 years ago

  • Milestone changed from 5.0 to 5.1

#5 @pento
22 months ago

  • Milestone changed from 5.1 to 5.2

Patch needs review and decision.

#6 @desrosj
19 months ago

  • Milestone changed from 5.2 to 5.3

This ticket has not received any attention during the 5.2 cycle. With beta
1 tomorrow, going to punt this to 5.3.

#7 @desrosj
19 months ago

This ticket has not received any attention during the 5.2 cycle. With beta 1 tomorrow, going to punt this to 5.3.

#8 @johnbillion
17 months ago

  • Owner johnbillion deleted

#9 @SergeyBiryukov
15 months ago

  • Owner set to SergeyBiryukov

#10 @SergeyBiryukov
15 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 45731:

Script Loader: Send a 400 Bad Request status code in load-scripts.php and load-styles.php if the required load[] parameter is not set.

Props compilenix.
Fixes #44108.

Note: See TracTickets for help on using tickets.