Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Site Editor: Validate the postType query argument #36706

Merged
merged 1 commit into from
Nov 23, 2021
Merged

Site Editor: Validate the postType query argument #36706

merged 1 commit into from
Nov 23, 2021

Conversation

noisysocks
Copy link
Member

Description

Fixes https://github.com/WordPress/gutenberg/pull/36379/files#r753949616.

This bails if an invalid post type is provided via the postType query argument when loading the Site Editor's list view.

How has this been tested?

  1. Open the site editor.
  2. Click on the W menu.
  3. Browse to Templates.
  4. Change the postType argument in the URL to some gibberish e.g. asdf.
  5. An error should appear.

Checklist:

  • My code is tested.
  • My code follows the WordPress code style.
  • My code follows the accessibility standards.
  • I've tested my changes with keyboard and screen readers.
  • My code has proper inline documentation.
  • I've included developer documentation if appropriate.
  • I've updated all React Native files affected by any refactorings/renamings in this PR (please manually search all *.native.js files for terms that need renaming or removal).

@noisysocks noisysocks added [Type] Bug An existing feature does not function as intended [Feature] Site Editor Related to the overarching Site Editor (formerly "full site editing") Backport to WP 6.7 Beta/RC Pull request that needs to be backported to the WordPress major release that's currently in beta labels Nov 22, 2021
@noisysocks noisysocks mentioned this pull request Nov 22, 2021
Merged
23 tasks
kevin940726
kevin940726 approved these changes Nov 22, 2021
View reviewed changes
Copy link
Member

@kevin940726 kevin940726 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@talldan
Copy link
Contributor

talldan commented Nov 22, 2021

Do you think it's worth checking that it's one of the post types that the screen is intended for (wp_template or wp_template_part)?

@noisysocks noisysocks mentioned this pull request Nov 22, 2021
Closed
@noisysocks
Copy link
Member Author

noisysocks commented Nov 22, 2021
edited
Loading

Do you think it's worth checking that it's one of the post types that the screen is intended for (wp_template or wp_template_part)?

I think it's okay to not check this as edit.php doesn't do any validation beyond what I'm adding here. Really all that I'm concerned about is validating that there's nothing nasty in the query param e.g. HTML.

Plus, it's kind of neat? 😂 I could see us one day (ab)using this for reusable blocks or something.

Screen Shot 2021-11-22 at 5 22 51 pm

@noisysocks noisysocks force-pushed the fix/validate-post-type-on-list-page branch from 78ed091 to 86e13c6 Compare November 23, 2021 01:04
@noisysocks noisysocks merged commit ae2be61 into trunk Nov 23, 2021
@noisysocks noisysocks deleted the fix/validate-post-type-on-list-page branch November 23, 2021 03:47
@github-actions github-actions bot added this to the Gutenberg 12.1 milestone Nov 23, 2021
@noisysocks noisysocks removed the Backport to WP 6.7 Beta/RC Pull request that needs to be backported to the WordPress major release that's currently in beta label Nov 23, 2021
noisysocks added a commit that referenced this pull request Nov 23, 2021
@noisysocks
Validate the postType query arg in list page (#36706)
0f3aa2f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kevin940726 kevin940726 kevin940726 approved these changes

Assignees
No one assigned
Labels
[Feature] Site Editor Related to the overarching Site Editor (formerly "full site editing") [Type] Bug An existing feature does not function as intended
Projects
None yet
Milestone
Gutenberg 12.1
Development

Successfully merging this pull request may close these issues.
3 participants
@noisysocks @talldan @kevin940726