Make WordPress Core

Opened 15 years ago

Closed 15 years ago

#13586 closed defect (bug) (fixed)

Updating custom fields fails

Reported by: ampt's profile ampt Owned by: nacin's profile nacin
Milestone: 3.0 Priority: normal
Severity: critical Version: 3.0
Component: General Keywords:
Focuses: Cc:

Description

When trying to update a custom field for a post or page it fails to update the new value.

Undefined index: _ajax_nonce-add-meta in/wp-includes/pluggable.php on line 848

check_ajax_referer seems to be looking for _ajax_nonce-add-meta in $_REQUEST
when it actually has _ajax_nonce

Should there be an isset check on the $_REQUEST variable?

if ( isset($_REQUEST[$query_arg]) )
    $nonce = $_REQUEST[$query_arg];

Change History (6)

#1 @nacin
15 years ago

  • Owner set to nacin
  • Status changed from new to reviewing

#2 @nacin
15 years ago

  • Keywords reporter-feedback added
  • Severity changed from blocker to normal

I wrote this originally a few days ago, and tested it. I can't reproduce this. It looks like both _ajax_nonce and _ajax_nonce-add-meta is getting sent, though it should only be the latter. Point is, it should be set.

_ajax_nonce=0&action=add-meta&metakeyselect=Blah&metakeyinput=&metavalue=BLAH&_ajax_nonce-add-meta=a431bb01f8&post_id=139

Any plugins? (Can you disable them and test?) Browser? Try an upgrade again? Of note, it also works fine with JS.

Lowering severity pending feedback.

#4 @ampt
15 years ago

I tested this on a fresh install from trunk with no plugins, fresh database. Also tested in Firefox, Safari & Chrome and I still seem to be getting the undefined index notice. The error message shows up in the ajax-response div.

Here is what I have getting sent:

_ajax_nonce=1c8e646170&action=add-meta&meta%5B3%5D%5Bkey%5D=test&meta%5B3%5D%5Bvalue%5D=test-value&post_id=1

I will keep looking into it

#5 @nacin
15 years ago

  • Keywords reporter-feedback removed
  • Severity changed from normal to critical

Works on add, not on update.

#6 @nacin
15 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

(In [15028]) Fix nonce check for updating custom fields. fixes #13586.

Note: See TracTickets for help on using tickets.