Opened 7 years ago
Last modified 8 months ago
#47564 new defect (bug)
Protect against recursive customizer navigation menu data
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Future Release | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Customize | Keywords: | has-patch needs-test-info |
| Focuses: | Cc: |
Description (last modified by )
Recursive data can slip into navigation menu structure but client-script currently has no protection against, resulting in browser freezing when trying to edit navigation menus.
Attached patch changes getDepth() to keep track of parent navigation menu item ID to avoid recursion.
Attachments (1)
Change History (8)
#2
in reply to:
↑ 1
;
follow-up:
↓ 7
@
7 years ago
Replying to dlh:
Hey @donpark — thanks for submitting this report and patch. Are you able to provide steps to replicate the bug in core?
Only in context of a particular site on WordPress.com. And testing plan, detailed in the A8C internal Phabricator patch I mentioned (D29638-code), requires the tester be an Automattician.
Given these obstacles, I think this ticket is best assigned to an Automattician with WP.org commit privileage.
- Don
#3
follow-up:
↓ 4
@
7 years ago
- Version trunk deleted
OK. Speaking for myself, there's nothing I can do to "assign" the ticket to anyone. So, absent more information, I'm not sure what to do other than wait for an Automattician to volunteer to try to confirm that there's a bug in core and, if so, how to replicate it. (To that end, I'll leave the reporter-feedback tag on the ticket for now.)
#4
in reply to:
↑ 3
@
7 years ago
Replying to dlh:
OK. Speaking for myself, there's nothing I can do to "assign" the ticket to anyone. So, absent more information, I'm not sure what to do other than wait for an Automattician to volunteer to try to confirm that there's a bug in core and, if so, how to replicate it. (To that end, I'll leave the
reporter-feedbacktag on the ticket for now.)
Fair enough. I'll see if I can get someone here to pick up the baton. Thx for the help, David. :-)
#6
@
5 years ago
- Keywords needs-testing added; reporter-feedback removed
- Milestone changed from Awaiting Review to Future Release
fix_customizer_nav_menu_freeze.diff seems reasonable to me but I haven't dug into this part of the code for several years. Since it sounds like this surfaced as an issue on WP.com, it would be great if someone from Automattic could own testing and committing this patch.
#7
in reply to:
↑ 2
@
8 months ago
- Keywords needs-test-info added; needs-testing removed
Replying to donpark:
Only in context of a particular site on WordPress.com. And testing plan, detailed in the A8C internal Phabricator patch I mentioned (D29638-code), requires the tester be an Automattician.
If the tester requires being an "Automattician" as you say, this is not the place to report this. There are some WordPress.com forums specifically for these types of issues. If anyone from wordpress.com happens to isolate the problem, it can be brought here for further testing by any contributor.
This post should be left on hold until you have detailed instructions on how to reproduce this by anyone, anywhere, anywhen. Here are some ideas on how to build a Testing Use Case with, maybe, a minimal plugin that reproduces the problem (and your patch happens to solve it)
Hey @donpark — thanks for submitting this report and patch. Are you able to provide steps to replicate the bug in core?