Ticket #2760 (closed defect (bug): fixed)

Opened 6 years ago

Last modified 6 years ago

Comment Editing Generates AYS

Reported by: markjaquith Owned by: markjaquith
Priority: high Milestone:
Component: Administration Version: 2.0.2
Severity: normal Keywords: has-patch commit
Cc:

Description (last modified by markjaquith) (diff)

Editing a comment generates an "Are you sure?" screen.

Version 2.0.3 (option not yet available in Trac)

This wouldn't be so bad if the AYS dialog didn't add slashes to any quote chars in the comment. #2761

Attachments

nonce-comment-editing.diff Download (342 bytes) - added by markjaquith 6 years ago.
Patch for 2.0.3
2760-2.0.diff Download (1.2 KB) - added by mdawaffe 6 years ago.
underscores for branches/2.0
2760-trunk.diff Download (1.2 KB) - added by mdawaffe 6 years ago.
underscores for trunk

Change History

comment:1   markjaquith6 years ago

  • Description modified (diff)

markjaquith6 years ago

Patch for 2.0.3

comment:2   markjaquith6 years ago

  • Keywords has-patch commit added
  • Owner changed from anonymous to markjaquith
  • Status changed from new to assigned

Patch fixes it. Problem should be obvious: 

wp_nonce_field('update-comment' . $comment->comment_ID)

vs 

check_admin_referer('update-comment');

thus, the nonce is invalid.

mdawaffe6 years ago

underscores for branches/2.0

mdawaffe6 years ago

underscores for trunk

comment:3   mdawaffe6 years ago

2760-2.0.diff

2760-trunk.diff

  1. Follow verb-noun_which convention for nonces.  http://trac.wordpress.org/ticket/2734#change_6

comment:4   ryan6 years ago

  • Status changed from assigned to closed
  • Resolution set to fixed

(In [3826]) Comment nonce fixes from Mark Jaquith and mdawaffe. fixes #2760

comment:5   ryan6 years ago

  • Resolution set to fixed

(In [3827]) Comment nonce fixes from Mark Jaquith and mdawaffe. fixes #2760

Note: See TracTickets for help on using tickets.