id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
21277	Remove unused nonce fields in site-themes.php and site-users.php	jeremyfelt	nacin	"In [[changeset:16242]] from [[ticket:14897]], `check_admin_referer( 'edit-site' )` was removed during a massive reorg of site-themes.php. Additional nonce checks were added via the nonce audit in [[ticket:15969]], but the nonce field generation for the original edit-site was never removed. This currently results in the generation of two hidden inputs with `name=""_wp_nonce""`.

`check_admin_referer( 'edit-site' )` was also removed for site-users.php in [[changeset:16560]], but the 2 associated nonce field(s) remained. A 3rd 'edit-site' nonce field was added in [[changeset:16585]] when a new form was added, but that has been unnecessary.

The attached patch removes all 4 instances of `wp_nonce_field( 'edit-site' )` across site-themes.php and site-users.php as they are no longer required in either."	enhancement	closed	normal	3.5	Network Admin	3.1	trivial	fixed	has-patch commit