Skip to content

[5.x]: Provisional Drafts can reintroduce deleted site-specific content in multi-site setups #18292

New issue
New issue
Open
Open
[5.x]: Provisional Drafts can reintroduce deleted site-specific content in multi-site setups#18292
Labels
bug
@deeekay

Description

@deeekay
deeekay
opened on Jan 23, 2026

What happened?

Description

In a multi-site environment with concurrent users, provisional drafts created by one user can implicitly merge and later reapply site-specific content changes made by another user. This can result in deleted components being unintentionally restored when a provisional draft is saved, even though those components were already removed and saved by a different user.

Environment

  • Craft CMS multi-site setup
  • Two concurrent users with different permission scopes:
    • User A: Admin-level user with access to all sites
    • User B: Site-restricted user with access to a single site

Steps to reproduce

  1. User A opens an entry that exists across multiple sites and makes a change in the entry editor without saving (creating a provisional draft).
  2. User B switches to their assigned site and:
  • Adds a new component/block to the entry.
  • Leaves the component empty / invalid.
  • Does not save yet.
  1. User B navigates away from the entry editor and triggers a save action in another context (e.g. another site of the same entry).
  2. The empty / invalid component is now saved for User B’s site, even though it was not explicitly saved in the entry editor.
  3. User A reloads the entry editor and observes that the empty component has been merged into the provisional draft for User B’s site (without saving).
  4. User B:
  • Fills in the previously empty component.
  • Saves the entry.
  1. User A reloads the editor again and sees that the newly added content is now also reflected in the provisional draft for User B’s site (still without saving).
  2. User B deletes the component and saves the entry.
  3. User A reloads the editor and observes that the deleted component is still present in the provisional draft for User B’s site.
  4. User A saves the entry, applying the provisional draft.

Expected behavior

Saving an entry that has invalid content on any site the user has access to cannot be saved.

Actual behavior

Saving of invalid (e.g. empty content on mandatory fields) is possible potentially leading to content loss or invalid content.

Craft CMS version

5.8.21

PHP version

8.3

Operating system and version

No response

Database type and version

MariaDB 10.6

Image driver and version

No response

Installed plugins and versions

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions