Make WordPress Core

Opened 14 years ago

Closed 2 weeks ago

#15394 closed defect (bug) (duplicate)

Ancient "Are you sure you want to do this" now confusing

Reported by: ozh's profile ozh Owned by:
Milestone: Priority: normal
Severity: minor Version: 3.1
Component: Security Keywords: needs-patch dev-feedback
Focuses: Cc:

Description

The default failing nonce message did not pass the wife test. Asking "Are you sure you want to do this?" now that there is no longer "OK" and "Cancel" buttons is confusing and my wife just asked me "How do I tell I'm sure?"

Not sure about the best wording, I took the same approach as Twitter's expired OAuth token links with a message that does not let user think there is something to confirm.

Attachments (2)

ays-message.diff (759 bytes) - added by ozh 14 years ago.
sure.jpg (186.5 KB) - added by Presskopp 8 years ago.

Download all attachments as: .zip

Change History (25)

@ozh
14 years ago

#1 @ozh
14 years ago

  • Version set to 3.1

#2 @ocean90
14 years ago

  • Keywords ux-feedback added; semantics removed

#3 @nacin
14 years ago

  • Keywords 3.2-early added
  • Milestone changed from Awaiting Review to Future Release

+1.

#4 @hakre
14 years ago

+1 to fix, the old message was misleading.

#5 @azaozz
14 years ago

The "Link has expired" message is better than "Are you sure" but IMHO still quite vague for the average user. Perhaps it can be "This action has failed" as suggested in http://core.trac.wordpress.org/ticket/8552#comment:3.

Also it doesn't offer an action for the user to continue. As far as I can see nearly all legitimate nonce errors are caused by expired user login. Perhaps we can add a link to [site]/wp-admin (needs to be audited) or even go further and check if the user is logged in when generating the "nonce failed" message and show alternate explanation:

User logged in: "This action has failed. [Back to WordPress admin]
Login expired: "Your login has expired. Please [log in] again.

#6 @hakre
14 years ago

"That Request has expired and is not valid any longer. Please go back and start over."

If a login expires, isn't the user redirected to the login form already? "Reauth"

Related: #14060

#7 @ramiy
13 years ago

Related: #18218

#8 @toscho
12 years ago

  • Cc info@… added

#9 @scribu
12 years ago

  • Keywords needs-patch added; has-patch ays removed

As azaozz said, the wording in the current patch isn't too much of an improvement. It can be shown when submitting a form, for instance.

I don't think we need to provide any link. The Back button should be good enough.

#10 @c3mdigital
11 years ago

#21189 was marked as a duplicate.

#11 @nacin
11 years ago

  • Component changed from Warnings/Notices to Security

#12 @ericlewis
11 years ago

It sounds like we have two ways to go here.

We go down the rabbit hole, and attempt to give the user as much detail as we can about the issue. Whether they're logged in, whether the nonce failed, perhaps even what nonce, etc.

We give a blanket "this thing broke" error, and point them in the right direction of where to go from here.

#14 @chriscct7
9 years ago

  • Keywords dev-feedback added; 3.2-early removed
  • Severity changed from trivial to minor

#15 @ericlewis
9 years ago

What's the simplest way to reproduce this?

@Presskopp
8 years ago

#16 follow-up: @Presskopp
8 years ago

The question to the end is totally senseless here. It's senseless because it's a listing of errors, nothing to choose (yes/no), and even if I could, which one would I choose :) ?

#17 @karmatosed
8 years ago

As far as possible giving an actual thing you can do or next action is far better than a blanket message. The 'are you sure you want to do this' has always felt weird to me. We lead users to second guess and that's really not cool. I'm commenting to try and get some progress on this and see if we can get this worked on again.

This ticket was mentioned in Slack in #core-customize by paaljoachim. View the logs.


7 years ago

This ticket was mentioned in Slack in #design by karmatosed. View the logs.


6 years ago

#20 in reply to: ↑ 16 @boemedia
6 years ago

We discussed this ticket today in the WordPress design team and agree that the message is senseless. However, to bring up a suggestion to improve this message, it would help to figure out where and when the message appears. Is it possible to give us some steps taken to get to this message?

Replying to Presskopp:

The question to the end is totally senseless here. It's senseless because it's a listing of errors, nothing to choose (yes/no), and even if I could, which one would I choose :) ?

This ticket was mentioned in Slack in #design by karmatosed. View the logs.


6 years ago

#22 @karmatosed
6 years ago

  • Keywords ux-feedback removed

In this case, as design feedback has been given, let's remove that keyword for now.

#23 @johnbillion
2 weeks ago

  • Milestone Future Release deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Closing this as a duplicate of #38332 where this issue was ultimately fixed by replacing "Are you sure you want to do this?" with "The link you followed has expired".

See:

Note: See TracTickets for help on using tickets.