Make WordPress Core

Opened 6 years ago

Last modified 5 years ago

#45755 reviewing defect (bug)

Theme Editor WSOD functionality doesn't work with Multisite

Reported by: dd32's profile dd32 Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 4.9
Component: Networks and Sites Keywords: has-patch needs-refresh
Focuses: multisite Cc:

Description

The WSOD prevention code for the Theme & Plugin Editors don't work correctly for Multisite installations, which causes the entire feature to fail to update files.

The problem is caused by wp_edit_theme_plugin_file() which uses /wp-admin/admin-ajax.php on multisite (we don't have a network admin ajax handler) and subsequently calls admin_url( 'theme-editor.php' ); which will ultimately be a URL which redirects to wp-admin/network/theme-editor.php and thus fail the checks placed upon the response (loopback_request_failed).

Instead of using admin_url( 'theme-editor.php' ) it can be done like so:

// Theme Editor on Multisite is always network-wide
is_multisite() ? network_admin_url( 'theme-editor.php' ) : admin_url( 'theme-editor.php' )

Unfortunately as admin-ajax.php has no context of whether it's being called from a Network Admin, self_admin_url() isn't a viable option here.

Attachments (1)

45755.diff (1.2 KB) - added by spacedmonkey 6 years ago.

Download all attachments as: .zip

Change History (12)

@spacedmonkey
6 years ago

#1 @spacedmonkey
6 years ago

@dd32 Tested a fix for this and seems to work.

#2 @dd32
6 years ago

  • Keywords has-patch commit added

@spacedmonkey That looks logically the same as what I hacked in for this specific site while working on it!

#3 @ocean90
6 years ago

#44514 was marked as a duplicate.

#4 @desrosj
6 years ago

  • Milestone changed from Awaiting Review to 5.2
  • Owner set to desrosj
  • Status changed from new to reviewing

This ticket was mentioned in Slack in #core-multisite by desrosj. View the logs.


6 years ago

#6 @desrosj
6 years ago

  • Keywords needs-refresh added; commit removed
  • Milestone changed from 5.2 to Future Release

Gave this some testing today. I am noticing the following with the current patch:

Before applying patch when introducing a fatal error and clicking save:

  1. Editing a plugin that is active on the primary site: the error is correctly flagged and prevented, but valid edits do not save.
  2. Editing a plugin that is not active on the primary site but active on a secondary site: the error is not flagged and gets saved (causing WSOD), valid edits are not saved.
  3. Editing a network active plugin: the error is not flagged and gets saved (causing WSOD), valid edits save correctly.
  4. Editing a theme that is active on the primary site: the error is correctly flagged and prevented, valid edits fail.
  5. Editing a theme that is not active on the primary site but active on a secondary site: the error is not flagged and gets saved (causing WSOD), valid edits save correctly.
  6. Editing a network activated theme active on the primary site: the error is correctly flagged, valid edits are not saved.
  7. Editing a network activated theme not active on the primary site but active on a secondary site: the error is not flagged and gets saved (causing WSOD), valid edits are saved.

After applying patch when introducing a fatal error and clicking save:

  1. Editing a plugin that is active on the primary site: the error is correctly flagged, valid edits save correctly.
  2. Editing a plugin that is not active on the primary site but active on a secondary site: the error is not flagged and gets saved (causing WSOD), valid edits save correctly.
  3. Editing a network active plugin: the error is not flagged and gets saved (causing WSOD), valid edits save correctly.
  4. Editing a theme that is active on the primary site: the error is correctly flagged, valid edits save correctly.
  5. Editing a theme that is not active on the primary site but active on a secondary site: the error is not flagged and gets saved (causing WSOD), valid edits save correctly.
  6. Editing a network activated theme active on the primary site: the error is correctly flagged and prevented, valid edits save correctly.
  7. Editing a network activated theme not active on the primary site but active on a secondary site: the error is not flagged and gets saved (causing WSOD), valid edits save correctly.

45755.diff will allow valid edits to save correctly in scenarios 1, 2, 3, 4 & 6, but it does not address fatal errors not being caught correctly in scenarios 2, 3, 5 & 7. While these are not new bugs, it would introduce the scenario of inadvertently saving a fatal error in certain scenarios. In these scenarios, it will not be immediately apparent that a fatal error has been introduced. Someone will most likely not visit a secondary site to test the edit if the admin gives them a success notice.

Because of this, I think we should hold off on committing 45755.diff until we can come up with a better fix that also accounts for the other scenarios.

#7 @desrosj
6 years ago

  • Owner desrosj deleted

#8 @desrosj
6 years ago

Also, for the next person. This is related to the plugin and theme editors in the admin and in no way related to the Servehappy WSOD protection. With that being so fresh in my mind, it took me a little while to make that distinction. Hopefully this helps the next person!

#9 @ocean90
5 years ago

#43145 was marked as a duplicate.

#10 @ocean90
5 years ago

#49996 was marked as a duplicate.

#11 @SergeyBiryukov
5 years ago

Just noting the is_multisite() checks in 45755.diff seem redundant, network_admin_url() can just be used directly. It has the same check, is available on single site, and falls back to admin_url() there.

Note: See TracTickets for help on using tickets.