Settings page is inaccessible if other plugins add $_POST data

  • Resolved outis

    (@outis)


    5 years, 2 months ago

    # Description
    When accessing the settings page through the admin menu (or any other link to it), I would get a nearly blank page with the message:

    The link you followed has expired.
    Please try again.

    The “Please try again” link would be to the previous page.

    In many cases, this message can be caused by running out of available memory for the script. This turned out not to be the case here, as profiling revealed the page only used about 80M, and the server had a memory limit of 384M.

    # Cause
    This was basically due to a plugin conflict. WC_Admin_Menus->settings_page_init() calls WC_Admin_Settings::save() if $_POST is non-empty, and another plugin had added some entries to $_POST.

    # Fix
    Besides a fix for the other plugin not to populate $_POST, it would be good to implement a fix in WooCommerce as a defensive measure, and to improve general compatibility. Instead of simply checking whether $_POST is empty, it could check for the presence of some key in $_POST that is set when saving changes. Nicely enough, the “Save Changes” button provides one. The following patch illustrates this approach:

    --- includes/admin/class-wc-admin-menus.php.orig	2019-01-24 19:16:44.000000000 -0800
+++ includes/admin/class-wc-admin-menus.php	2019-01-24 19:17:16.000000000 -0800
@@ -98,7 +98,7 @@
 		$current_section = empty( $_REQUEST['section'] ) ? '' : sanitize_title( wp_unslash( $_REQUEST['section'] ) ); // WPCS: input var okay, CSRF ok.
 
 		// Save settings if data has been posted.
-		if ( '' !== $current_section && apply_filters( "woocommerce_save_settings_{$current_tab}_{$current_section}", ! empty( $_POST ) ) ) { // WPCS: input var okay, CSRF ok.
+		if ( '' !== $current_section && apply_filters( "woocommerce_save_settings_{$current_tab}_{$current_section}", ! empty( $_POST['save'] ) ) ) { // WPCS: input var okay, CSRF ok.
 			WC_Admin_Settings::save();
 		} elseif ( '' === $current_section && apply_filters( "woocommerce_save_settings_{$current_tab}", ! empty( $_POST ) ) ) { // WPCS: input var okay, CSRF ok.
 			WC_Admin_Settings::save();
    • This topic was modified 5 years, 2 months ago by outis. Reason: code formatting
    • This topic was modified 5 years, 2 months ago by outis. Reason: added note about memory usage
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support con

    (@conschneider)

    Engineer

    5 years, 2 months ago

    Hi @outis,

    Thank you for your input.
    This looks like something more suited for the WooCommerce GitHub repository, maybe tagged as Enhancement Suggestion.

    I am marking this as resolved, but feel free to follow up or open a new thread anytime.

    Thread Starter outis

    (@outis)

    5 years, 2 months ago

    I was not aware the WooCommerce plugin was on github. I’ll fork & submit a pull request there. Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Settings page is inaccessible if other plugins add $_POST data’ is closed to new replies.