Skip to:
Content

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#7041 closed defect (bug) (fixed)

Can`t set 'Text size' in Email Customizer

Reported by: WeddyWood Owned by: dcavins
Milestone: 2.6 Priority: high
Severity: normal Version: 2.5.0
Component: Templates Keywords: has-patch commit
Cc:

Description

Text size changes only in online view, but value is not set.

Reason: in bp_email_get_customizer_settings function is wrong sanitize_callback

'intval'

If change it to empty string - everything works good.

''

Attachments (1)

7041.01.diff (1.3 KB) - added by dcavins 2 years ago.
Use absint() to validate integer inputs in the customizer.

Download all attachments as: .zip

Change History (7)

#1 @DJPaul
2 years ago

  • Milestone changed from Awaiting Review to 2.6
  • Priority changed from normal to high

Confirmed. I am baffled as to what's going on. To save time for the next person, these values are provided from the Customiser as a string, and the idea with intval is to coerce it to an integer. The updated value is not getting saved to the database (wp_options, key "bp_email_options").

This ticket was mentioned in Slack in #buddypress by dcavins. View the logs.


2 years ago

#3 @dcavins
2 years ago

  • Keywords has-patch added

Ouch. The reason that this fails is that the sanitization callback passed into the customizer setting definition is attached to a filter in WP_Customize_Setting::sanitize(). That filter passes two arguments to the sanitization callback: $value and the instance of WP_Customize_Setting. Since intval() can accept an optional second argument ($base), and $this is passed into it, it blows up.

Switching to the WP function absint(), which is only expecting one argument, works fine though. Patch attached.

Last edited 2 years ago by dcavins (previous) (diff)

@dcavins
2 years ago

Use absint() to validate integer inputs in the customizer.

#4 @r-a-y
2 years ago

  • Keywords commit added

Nice investigative work, @dcavins!

Should this also be part of 2.5.4?

#5 @dcavins
2 years ago

  • Owner set to dcavins
  • Resolution set to fixed
  • Status changed from new to closed

In 10814:

Use absint() to validate numeric input in the WP Customizer.

intval() fails when used with the WP
Customizer API as a sanitization callback.
The callback function is attached to
a filter in WP_Customize_Setting::sanitize()
that passes two arguments to the
sanitization callback: the $value to sanitize
and the instance of WP_Customize_Setting.
Since intval() can accept an optional
second argument ($base), but isn’t
expecting an object, it fails.
absint() works because it is only
expecting the $value argument.

Fixes #7041.

Props WeddyWood.

#6 @DJPaul
2 years ago

  • Component changed from Appearance - Template Parts to Templates
Note: See TracTickets for help on using tickets.