Make WordPress Core

Opened 5 years ago

Closed 4 years ago

#14336 closed defect (bug) (duplicate)

Link attributes such as target and title disappear when replying to comments from Dashboard

Reported by: iceflatline
Owned by: garyc40
Milestone:
Priority: normal
Severity: normal
Version: 3.0
Component: Comments
Keywords: has-patch needs-testing
Focuses:
Cc:


Scenario: A reader posts a comment. I reply to that comment from the Dashboard. In my reply I provide a link and add additional link attributes such as target and title.

Those additional link attributes disappear after selecting Submit Reply. Editing my reply and adding them back, then selecting Update usually fixes the problem; however, even this solution is inconsistent, requiring me to repeat this step multiple times before the attributes will "stick."

Attachments (1)

garyc40.14336.diff (3.8 KB) - added by garyc40 5 years ago.
properly send the correct nonce for each comment being edited or replied to


Change History (5)

comment:1 @mdawaffe 5 years ago

  • Component changed from General to Comments
  • Keywords 3.2-early needs-patch added
  • Milestone changed from Awaiting Review to Future Release


The unfiltered_html nonce is based on the post_id but is generated only once both on the dashboard and on edit-comments.php.

Furthermore, on the dashboard, the post_id used is 0 since it's pulled from the global $post.

This means the nonce check in admin-ajax.php fails and KSES is always applied to comments.

See wp_comment_form_unfiltered_html_nonce() and $_POST['_wp_unfiltered_html_comment'].
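
The failure described in comment:1, reduced to a self-contained sketch. This is an added example, not code from the ticket, the attached patch, or WordPress. The `demo_*` functions, the secret, the action string format, the HMAC construction and the href-only filter are all assumptions standing in for the real nonce and KSES code. It runs the same reply through a handler twice: once with a nonce generated for post ID 0, once with a nonce generated for the post the comment belongs to.

```php
<?php
// Simplified model only: a nonce is an HMAC over an action string that embeds the post ID.
const DEMO_SECRET = 'constructed-demo-secret'; // constructed value, not a real key

function demo_nonce(string $action): string {
    return substr(hash_hmac('sha256', $action, DEMO_SECRET), 0, 10);
}

// Stand-in for KSES (assumed policy for this demo): keep <a>, drop every attribute but href.
function demo_filter(string $html): string {
    return preg_replace_callback('/<a\b([^>]*)>/i', function ($m) {
        return preg_match('/\bhref="[^"]*"/i', $m[1], $h) ? "<a {$h[0]}>" : '<a>';
    }, $html);
}

// Handler side: the reply is stored unfiltered only when the submitted nonce
// matches the nonce recomputed for the post actually being replied to.
function demo_save_reply(int $post_id, string $submitted_nonce, string $content): string {
    $expected = demo_nonce('unfiltered-html-comment_' . $post_id);
    return hash_equals($expected, $submitted_nonce) ? $content : demo_filter($content);
}

// Constructed sample reply carrying the attributes named in the report.
$reply = '<a href="https://example.com/" target="_blank" title="Example">link</a>';
$comment_post_id = 42; // constructed: post that the comment being answered belongs to

// Case 1: nonce generated once for the page, with post ID 0 taken from an unset global.
$dashboard_post_id = 0;
$page_nonce = demo_nonce('unfiltered-html-comment_' . $dashboard_post_id);
echo demo_save_reply($comment_post_id, $page_nonce, $reply), "\n";

// Case 2: nonce generated per comment, for the post that comment belongs to.
$per_comment_nonce = demo_nonce('unfiltered-html-comment_' . $comment_post_id);
echo demo_save_reply($comment_post_id, $per_comment_nonce, $reply), "\n";
```

In the first case the check fails closed: the mismatch removes a privileged user's markup rather than letting unfiltered HTML through, which is why the ticket reads as a functional defect and not as a filter bypass.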

comment:2 @garyc40 5 years ago

  • Owner set to garyc40
  • Status changed from new to assigned

@garyc40 5 years ago

properly send the correct nonce for each comment being edited or replied to

comment:3 @garyc40 5 years ago

  • Keywords has-patch needs-testing added; needs-patch removed

comment:4 @SergeyBiryukov 4 years ago

  • Keywords 3.2-early removed
  • Milestone Future Release deleted
  • Resolution set to duplicate
  • Status changed from assigned to closed