Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#16188 closed defect (bug) (fixed)

Need ajax referer checks for linking and list tables

Reported by: nacin Owned by:
Priority: high Milestone: 3.1
Component: Administration Version: 3.1
Severity: normal Keywords: dev-reviewed commit
Cc: westi

Description


Attachments (2)

16188.linking.diff (1.4 KB) - added by nacin 2 years ago.
16188.diff (2.9 KB) - added by nacin 2 years ago.

Download all attachments as: .zip

Change History (10)

comment:1   westi2 years ago

  • Cc westi added
  • Component changed from General to Administration
  • Priority changed from normal to high

nacin2 years ago

comment:2   westi2 years ago

  • Keywords dev-reviewed commit added

Looks great

nacin2 years ago

comment:3   westi2 years ago

Second patch looks good too

Would move the check_ajax_referer call before we bother setting up current_screen

comment:4   nacin2 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [17255]) Nonce checks for internal linking and list table ajax. fixes #16188.

comment:5   scribu2 years ago

Nitpicking re [17255]: The wplink script version should be 2011, not 2010.

comment:6   scribu2 years ago

Oh, and the list-table script version should be updated as well.

comment:7   westi2 years ago

(In [17257]) Fix wplink version. Bump list-table version. Fixes #16188 props scribu.

comment:8   nacin2 years ago

(In [17262]) Add nonces to instances where the list table display() method is overridden. see #16188.

Note: See TracTickets for help on using tickets.