Opened 4 months ago
Last modified 8 weeks ago
#64545 reopened defect (bug)
Style Engine: Harden add_declaration against being passed illegal values
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | Future Release | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Editor | Keywords: | gutenberg-merge has-patch has-unit-tests |
| Focuses: | Cc: |
Description
Currently the add_declaration method assumes that it has been passed a string, when it might not have been.
I noticed on a website that someone had malformed block markup that nested margin within the spacing.padding object for a block, instead of having margin be a sibling to padding. These sorts of issues should generally fail silently rather than throwing an error.
It turns out that block spacing is passed on by the layout block support to the Style Engine, where it assumes the properties and values are correct.
We can harden against these sorts of circumstances by ensuring that the Style Engine bails early if it isn't given a string when adding a declaration.
This has already been fixed in Gutenberg, and this ticket proposes including the fix in core. The Gutenberg PR is: https://github.com/WordPress/gutenberg/pull/74881
Change History (13)
This ticket was mentioned in PR #10779 on WordPress/wordpress-develop by @andrewserong.
4 months ago
#1
- Keywords has-patch has-unit-tests added
#3
@
4 months ago
- Owner set to isabel_brison
- Resolution set to fixed
- Status changed from new to closed
In 61516:
#4
@
4 months ago
- Milestone changed from 7.0 to 6.9.1
- Resolution fixed deleted
- Status changed from closed to reopened
#5
@
4 months ago
- Keywords dev-feedback added
@jorbin @wildworks adding this bug to the milestone because it can cause fatal errors on the front end when block attributes are malformed. Thought it would be good to get it in! The patch is committed to trunk already but needs a double check from another committer to go into the release branch, right?
#6
@
4 months ago
it can cause fatal errors on the front end when block attributes are malformed.
If I understand correctly, this bug has been there since 6.1 when the WP_Style_Engine_CSS_Declarations class was introduced, right?
I don't have a strong opinion, but personally I don't think it's necessary to backport it to a minor release right now.
#7
@
4 months ago
Where there any changes in 6.9 that would make this easier to encounter? If not, I would agree with @wildworks that this isn't in scope for 6.9.1.
#8
@
4 months ago
Also, this is minor but I think the new test_should_reject_non_string_values test should use a dataProvidor and test each of the non string values seperatly so that it's always clear which case breaks if the underlying code is changed.
#9
@
4 months ago
- Keywords dev-feedback removed
- Milestone changed from 6.9.1 to 7.0
Where there any changes in 6.9 that would make this easier to encounter?
AFAIK, there wasn’t any such change in 6.9. Let's change the milestone to 7.0.
Also, this is minor but I think the new
test_should_reject_non_string_valuestest should use a dataProvidor and test each of the non string values seperatly so that it's always clear which case breaks if the underlying code is changed.
I'll leave this ticket open to address the feedback above.
This ticket was mentioned in Slack in #core by audrasjb. View the logs.
2 months ago
#11
@
2 months ago
- Version trunk deleted
As per toady's 7.0 bug scrub:
The trunk version is outdated. I'm moving it to Future Release and removing trunk.
This PR hardens
add_declarationin the Style Engine when passed non-string values. The changes are already in Gutenberg over in: https://github.com/WordPress/gutenberg/pull/74881Trac ticket: https://core.trac.wordpress.org/ticket/64545