Opened 5 weeks ago
Last modified 2 weeks ago
#61796 new defect (bug)
Blank Page When $_GET['postId'] Does Not Exist in /wp-admin/site-editor.php
Reported by: | benniledl | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 6.6 |
Component: | Editor | Keywords: | has-patch |
Focuses: | Cc: |
Description
Hello,
In WordPress 6.6, there has been a change in behavior when the passed postId does not exist in /wp-admin/site-editor.php. Previously, the editor sidebar would appear as usual, while the page preview on the right would be blank. Users could simply click back in the editor sidebar and navigate to the desired content.
However, starting with version 6.6, the entire page becomes blank, which can be confusing for users. This issue might occur due to several reasons:
The content intended for editing has just been deleted.
The postId for the blog homepage, such as twentytwentyfourhome, gets modified for example by the waf due to concerns like path traversal, removing the double slash.
The editor should appear as usual even when the postId is invalid and just display an error message in the content preview.
Attachments (2)
Change History (9)
This ticket was mentioned in PR #7188 on WordPress/wordpress-develop by @mi5t4n.
4 weeks ago
#2
- Keywords has-patch added
Added validation for the postId
parameter in site-editor.php
to ensure that the post exists before proceeding. If the post ID is invalid or the post does not exist, the script will now terminate with an error message, preventing potential errors or unintended behavior.
Trac ticket: https://core.trac.wordpress.org/ticket/61796
@davidbaumwald commented on PR #7188:
4 weeks ago
#3
Though it's probably beyond the scope of the original ticket, I see a lot of duplication of isset( $_GET['postType'] )
and sanitize_key( $_GET['postType'] )
.
Wondering if we could have something like a default $current_post_type = false|null
then check and sanitize it once for reuse in the rest of the file. Same could pro be done for $_GET['postId']
and $_GET['path']
?
Could probably move the early nails a bit higher in the file as well, to save some unnecessary code running when it's not needed? Just based off a brief look, unless I am missing something, I don't see anything between lines 76 and 118 that is in any way dependent on any of the code running above.
#4
@
3 weeks ago
@benniledl
you can review, created a new patch 61796.patch, which will also work for draft and trash post
This ticket was mentioned in PR #7215 on WordPress/wordpress-develop by @iflairwebtechnologies.
3 weeks ago
#5
@benniledl commented on PR #7188:
3 weeks ago
#6
would be nice to have an error message for various post statuses as in #7215
Hello,
If we navigate to non-existtent postID on the site editor
/wp-admin/site-editor.php?postType=page&postId=99999
, the page preview page is stuck on loading, and a 404 not found is thrown on the Network Tab of the developer console.While on,
It does not get stuck and the URL
/wp-admin/site-editor.php?path=%2Fpage&canvas=view
is configured and shown if we travel to/wp-admin/site-editor.php?postType=page&postId=999999
, non-existent postId.