Make WordPress Core

Opened 11 years ago

Closed 9 years ago

#14336 closed defect (bug) (duplicate)

Link attributes such as target and title disappear when replying to comments from Dashboard

Reported by: iceflatline Owned by: garyc40
Milestone: Priority: normal
Severity: normal Version: 3.0
Component: Comments Keywords: has-patch needs-testing
Focuses: Cc:


Scenario: A reader posts a comment. I reply to that comment from the Dashboard. In my reply I provide a link and add additional link attributes such as target and title

Those additional link attributes disappear after selecting Submit Reply. Editing my reply and adding them back, then selecting Update usually fixes the problem, however even this solution is inconsistent, requiring me to repeat this step multiple times before the attributes will "stick."

Attachments (1)

garyc40.14336.diff (3.8 KB) - added by garyc40 10 years ago.
properly send the correct nonce for each comment being edited or replied to

Download all attachments as: .zip

Change History (5)

#1 @mdawaffe
10 years ago

  • Component changed from General to Comments
  • Keywords 3.2-early needs-patch added
  • Milestone changed from Awaiting Review to Future Release


The unfiltered_html nonce is based on the post_id but is generated only once both on the dashboard and on edit-comments.php.

Furthermore, on the dashboard, the post_id used is 0 since it's pulled from the global $post.

This means the nonce check in admin-ajax.php fails and KSES is always applied to comments.

See wp_comment_form_unfiltered_html_nonce() and $_POST['_wp_unfiltered_html_comment'].

#2 @garyc40
10 years ago

  • Owner set to garyc40
  • Status changed from new to assigned

10 years ago

properly send the correct nonce for each comment being edited or replied to

#3 @garyc40
10 years ago

  • Keywords has-patch needs-testing added; needs-patch removed

#4 @SergeyBiryukov
9 years ago

  • Keywords 3.2-early removed
  • Milestone Future Release deleted
  • Resolution set to duplicate
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.