Opened 15 years ago
Closed 15 years ago
#12049 closed defect (bug) (fixed)
QuickPress POST request returns 403 forbidden error/WordPress failure notice. POST requests multiply when button is clicked again.
Reported by: | beatpanda | Owned by: | azaozz |
---|---|---|---|
Milestone: | 3.0 | Priority: | normal |
Severity: | major | Version: | 3.0 |
Component: | Widgets | Keywords: | has-patch |
Focuses: | Cc: |
Description
QuickPress appears to be broken in 3.0-alpha. A request is made to wp-admin/post.php, and the request returns the "WordPress Failure notice" page with the message "Are you sure you want to do this?"
Even weirder, if you click "publish" again, two POST requests are sent out, and if you click again it turns into 4. The spinner graphic also multiplies every time.
Attachments (1)
Change History (4)
Note: See
TracTickets for help on using
tickets.
There used to be check_admin_referer('add_post'). Now it's "add_{$post_type}", which QuickPress doesn't specify.
The simple fix would be to have QuickPress also pass a post type. A bigger fix would be to always set $post_type to 'post' when otherwise not specified, and there may be a backwards compatibility argument for that, though that will require some refactoring.
Related #9674. Other recent QuickPress tickets that jump out when testing this are #11504 (E_NOTICEs) and #10680 (ugly placement of spinner).