Skip to:
Content

Opened 21 months ago

Closed 20 months ago

Last modified 19 months ago

#7041 closed defect (bug) (fixed)

Can`t set 'Text size' in Email Customizer

Reported by: WeddyWood Owned by: dcavins
Milestone: 2.6 Priority: high
Severity: normal Version: 2.5.0
Component: Templates Keywords: has-patch commit
Cc:

Description

Text size changes only in online view, but value is not set.

Reason: in bp_email_get_customizer_settings function is wrong sanitize_callback

'intval'

If change it to empty string - everything works good.

''

Attachments (1)

7041.01.diff (1.3 KB) - added by dcavins 20 months ago.
Use absint() to validate integer inputs in the customizer.

Download all attachments as: .zip

Change History (7)

#1 @DJPaul
20 months ago

  • Milestone changed from Awaiting Review to 2.6
  • Priority changed from normal to high

Confirmed. I am baffled as to what's going on. To save time for the next person, these values are provided from the Customiser as a string, and the idea with intval is to coerce it to an integer. The updated value is not getting saved to the database (wp_options, key "bp_email_options").

This ticket was mentioned in Slack in #buddypress by dcavins. View the logs.


20 months ago

#3 @dcavins
20 months ago

  • Keywords has-patch added

Ouch. The reason that this fails is that the sanitization callback passed into the customizer setting definition is attached to a filter in WP_Customize_Setting::sanitize(). That filter passes two arguments to the sanitization callback: $value and the instance of WP_Customize_Setting. Since intval() can accept an optional second argument ($base), and $this is passed into it, it blows up.

Switching to the WP function absint(), which is only expecting one argument, works fine though. Patch attached.

Last edited 20 months ago by dcavins (previous) (diff)

@dcavins
20 months ago

Use absint() to validate integer inputs in the customizer.

#4 @r-a-y
20 months ago

  • Keywords commit added

Nice investigative work, @dcavins!

Should this also be part of 2.5.4?

#5 @dcavins
20 months ago

  • Owner set to dcavins
  • Resolution set to fixed
  • Status changed from new to closed

In 10814:

Use absint() to validate numeric input in the WP Customizer.

intval() fails when used with the WP
Customizer API as a sanitization callback.
The callback function is attached to
a filter in WP_Customize_Setting::sanitize()
that passes two arguments to the
sanitization callback: the $value to sanitize
and the instance of WP_Customize_Setting.
Since intval() can accept an optional
second argument ($base), but isn’t
expecting an object, it fails.
absint() works because it is only
expecting the $value argument.

Fixes #7041.

Props WeddyWood.

#6 @DJPaul
19 months ago

  • Component changed from Appearance - Template Parts to Templates
Note: See TracTickets for help on using tickets.