Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#13586 closed defect (bug) (fixed)

Updating custom fields fails

Reported by: ampt Owned by: nacin
Milestone: 3.0 Priority: normal
Severity: critical Version: 3.0
Component: General Keywords:
Focuses: Cc:


When trying to update a custom field for a post or page it fails to update the new value.

Undefined index: _ajax_nonce-add-meta in/wp-includes/pluggable.php on line 848

check_ajax_referer seems to be looking for _ajax_nonce-add-meta in $_REQUEST
when it actually has _ajax_nonce

Should there be an isset check on the $_REQUEST variable?

if ( isset($_REQUEST[$query_arg]) )
    $nonce = $_REQUEST[$query_arg];

Change History (6)

#1 @nacin
5 years ago

  • Owner set to nacin
  • Status changed from new to reviewing

#2 @nacin
5 years ago

  • Keywords reporter-feedback added
  • Severity changed from blocker to normal

I wrote this originally a few days ago, and tested it. I can't reproduce this. It looks like both _ajax_nonce and _ajax_nonce-add-meta is getting sent, though it should only be the latter. Point is, it should be set.


Any plugins? (Can you disable them and test?) Browser? Try an upgrade again? Of note, it also works fine with JS.

Lowering severity pending feedback.

#4 @ampt
5 years ago

I tested this on a fresh install from trunk with no plugins, fresh database. Also tested in Firefox, Safari & Chrome and I still seem to be getting the undefined index notice. The error message shows up in the ajax-response div.

Here is what I have getting sent:


I will keep looking into it

#5 @nacin
5 years ago

  • Keywords reporter-feedback removed
  • Severity changed from normal to critical

Works on add, not on update.

#6 @nacin
5 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

(In [15028]) Fix nonce check for updating custom fields. fixes #13586.

Note: See TracTickets for help on using tickets.