#11289 closed defect (bug) (fixed)
Logout Causes Internal Server Error
Reported by: | miqrogroove | Owned by: | |
---|---|---|---|
Milestone: | 2.9 | Priority: | high |
Severity: | critical | Version: | 2.8.4 |
Component: | General | Keywords: | has-patch tested |
Focuses: | Cc: |
Description
In IE I'm seeing a generic HTTP 500 page.
Depending on which other browser I use, I'm seeing one of these two responses:
HTTP/1.1 500 Internal Server Error
WordPress Failure Notice
You are attempting to log out of <site name>
Do you really want to log out?
Or:
You are attempting to log out of <site name>
Please try again.
Attachments (2)
Change History (10)
#2
@
15 years ago
I had to use HTTPSniffer to get an idea of what else is happening. At random intervals, WordPress dies at the TITLE element, and there is no output after that. o_O
#3
@
15 years ago
The patch from #8942 fails when certain chunk sizes are emitted after Transfer-Encoding: chunked. Random string output must be moved before any inline function calls to prevent chunking.
#4
@
15 years ago
- Keywords has-patch tested added
Patched files tested extensively on IE6 to eliminate the random "friendly errors", internal server errors, and missing nonces. Concerns with other browsers boiled down to whether or not a Referer header was sent because I was clicking links vs. pasting URLs in the address bar.
This might need to be split into multiple tickets.
IE is apparently hiding the "Do you really want to log out" link, which makes the nonce system more of a liability than a helpful security measure. A user unable to logout may be in worse shape than a user unintentionally logged out.
WordPress fails to even provide a nonce in some cases. The "Please try again" link references the previous page, with no nonce or explanation of what happened.