WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#12049 closed defect (bug) (fixed)

QuickPress POST request returns 403 forbidden error/WordPress failure notice. POST requests multiply when button is clicked again.

Reported by: beatpanda Owned by: azaozz
Milestone: 3.0 Priority: normal
Severity: major Version: 3.0
Component: Widgets Keywords: has-patch
Focuses: Cc:

Description

QuickPress appears to be broken in 3.0-alpha. A request is made to wp-admin/post.php, and the request returns the "WordPress Failure notice" page with the message "Are you sure you want to do this?"

Even weirder, if you click "publish" again, two POST requests are sent out, and if you click again it turns into 4. The spinner graphic also multiplies every time.

Attachments (1)

12049.diff (1.5 KB) - added by nacin 4 years ago.

Download all attachments as: .zip

Change History (4)

comment:1 beatpanda4 years ago

  • Milestone set to 3.0

nacin4 years ago

comment:2 nacin4 years ago

  • Keywords has-patch added

There used to be check_admin_referer('add_post'). Now it's "add_{$post_type}", which QuickPress doesn't specify.

The simple fix would be to have QuickPress also pass a post type. A bigger fix would be to always set $post_type to 'post' when otherwise not specified, and there may be a backwards compatibility argument for that, though that will require some refactoring.

Related #9674. Other recent QuickPress tickets that jump out when testing this are #11504 (E_NOTICEs) and #10680 (ugly placement of spinner).

comment:3 ryan4 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [12874]) Set post_type for QuickPress publishing. Props nacin. fixes #12049

Note: See TracTickets for help on using tickets.