WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 4 months ago

#47564 new defect (bug)

Protect against recursive customizer navigation menu data

Reported by: donpark Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Customize Keywords: has-patch needs-testing
Focuses: Cc:

Description (last modified by dd32)

Recursive data can slip into navigation menu structure but client-script currently has no protection against, resulting in browser freezing when trying to edit navigation menus.

Attached patch changes getDepth() to keep track of parent navigation menu item ID to avoid recursion.

Attachments (1)

fix_customizer_nav_menu_freeze.diff (835 bytes) - added by donpark 2 years ago.

Download all attachments as: .zip

Change History (7)

#1 follow-up: @dlh
2 years ago

  • Keywords reporter-feedback added

Hey @donpark — thanks for submitting this report and patch. Are you able to provide steps to replicate the bug in core?

#2 in reply to: ↑ 1 @donpark
2 years ago

Replying to dlh:

Hey @donpark — thanks for submitting this report and patch. Are you able to provide steps to replicate the bug in core?

Only in context of a particular site on WordPress.com. And testing plan, detailed in the A8C internal Phabricator patch I mentioned (D29638-code), requires the tester be an Automattician.

Given these obstacles, I think this ticket is best assigned to an Automattician with WP.org commit privileage.

  • Don

#3 follow-up: @dlh
2 years ago

  • Version trunk deleted

OK. Speaking for myself, there's nothing I can do to "assign" the ticket to anyone. So, absent more information, I'm not sure what to do other than wait for an Automattician to volunteer to try to confirm that there's a bug in core and, if so, how to replicate it. (To that end, I'll leave the reporter-feedback tag on the ticket for now.)

#4 in reply to: ↑ 3 @donpark
2 years ago

Replying to dlh:

OK. Speaking for myself, there's nothing I can do to "assign" the ticket to anyone. So, absent more information, I'm not sure what to do other than wait for an Automattician to volunteer to try to confirm that there's a bug in core and, if so, how to replicate it. (To that end, I'll leave the reporter-feedback tag on the ticket for now.)

Fair enough. I'll see if I can get someone here to pick up the baton. Thx for the help, David. :-)

#5 @dd32
2 years ago

  • Description modified (diff)

#6 @celloexpressions
4 months ago

  • Keywords needs-testing added; reporter-feedback removed
  • Milestone changed from Awaiting Review to Future Release

fix_customizer_nav_menu_freeze.diff seems reasonable to me but I haven't dug into this part of the code for several years. Since it sounds like this surfaced as an issue on WP.com, it would be great if someone from Automattic could own testing and committing this patch.

Note: See TracTickets for help on using tickets.