Closed BenTangible closed 8 months ago
Oh interesting, I see how that could be a problem as you could wind up leaking whatever data your first template outputs if someone doesn't fill out a control. Very unlikely to be an issue, but an issue nonetheless.
@GabrielGallagher the workaround here is super simple, you just need to wrap the Template tag with some logic to check it, like <If control=control_name><Template name="{Get control=control_name}" /></If>
. But I figured that since there is an actual use case in which this bug occurs, we should address it when we can to avoid confusing issues where a seemingly random template gets rendered. And you're right, I guess it could be a security concern depending on the templates and how data is being passed between them.
It turns out this is a bug/quirk of the WordPress function get_posts()
. When the query parameter name
is an empty string, it returns any post.
I've filed a bug report in the WordPress issue tracker.
Meanwhile, this has been solved in the Template
tag.
This is the nichest of niche bugs that I discovered today, but I figured I'd post it for posterity. Turns out that when you write a
Template
tag with a blankname
attribute, like<Template name="" />
, L&L grabs the first template and renders it instead of just rendering no template. Interestingly, this doesn't seem to happen with theid
attribute and<Template id="" />
renders nothing, as expected.For a bit of extra context, this happened in a template where the value of the
name
attribute was being populated dynamically based on the value of a block control and that block control happened to be empty.