Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#15922 closed defect (bug) (fixed)

WP_MS_Themes_List_Table plural

Reported by: scribu
Owned by: ocean90
Milestone: 3.1
Priority: normal
Severity: minor
Version:
Component: Security
Keywords: needs-patch
Focuses:
Cc:

Description

Currently, the plural is set to 'plugins'. This is a hack to avoid duplicating CSS.

The problem is that the plural is used for generating the nonce too.

The attached patch limits the hack to only the CSS class, allowing the correct nonce to be generated and checked.

Attachments (2)

15922.diff (731 bytes) - added by scribu 6 years ago.
15922.css1.patch (5.8 KB) - added by ocean90 6 years ago.


Change History (15)

@scribu
6 years ago

#1 @westi
6 years ago

Can we not just add themes to the CSS file in the relevant places too?

#2 @ocean90
6 years ago

  • Owner set to ocean90
  • Status changed from new to assigned

@ocean90
6 years ago

#3 @ocean90
6 years ago

15922.css1.patch is the first pass.

(Discussion on IRC)

#4 @scribu
6 years ago

I hesitated to add the styles, since I think it would be better if we had a single, generic 'themesorplugins' class (with a better name obviously).

#5 follow-up: @ocean90
6 years ago

Decision from scribu, JohnONolan and me. Keep the .plugins class and, instead of the .themes class, add a more generic class name, which we will use for the plugins and themes list. Suggestions?

(Side note: We need to find a way to deprecate CSS).


#6 in reply to: ↑ 5 @ryan
6 years ago

Replying to ocean90:

Decision from scribu, JohnONolan and me. Keep the .plugins class and, instead of the .themes class, add a more generic class name, which we will use for the plugins and themes list. Suggestions?

Fine by me.

#7 @ryan
6 years ago

Per IRC discussion, we're going with the simple, conservative 15922.diff patch and whatever nonce fixes that requires.

#8 @nacin
6 years ago

I believe 15922.diff fixes the nonces, yes?

#9 @scribu
6 years ago

The 'bulk-themes' nonce is already set in /network/themes.php but it doesn't seem to be checked anywhere. If it were, there would be some errors without this patch.

#10 @ryan
6 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [17115]) Set the correct plural. Use plugins class on the table. Props scribu. fixes #15922

#11 @scribu
6 years ago

  • Keywords needs-patch added; has-patch removed
  • Resolution fixed deleted
  • Status changed from closed to reopened

As stated above, the nonce check is missing.

#12 @ryan
6 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [17121]) Check bulk-themes nonce before bulk delete. fixes #15922

#13 @ryan
6 years ago

There are other places that need nonces. We can audit them in a dedicated ticket.
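
The two issues discussed in this ticket (the nonce action derived from the list table's plural, and the bulk-delete handler that never verified it), modelled as an added example that is not WordPress core code and not part of the ticket. `make_nonce()`, `verify_nonce()`, `form_nonce()` and both handlers are simplified, hypothetical stand-ins, and the secret, user ID, tick and theme name are constructed values.

```php
<?php
// Added illustration; NOT WordPress core code. make_nonce()/verify_nonce() are
// simplified stand-ins for action-bound nonces. All values are constructed.
const SECRET = 'constructed-demo-secret';

// A nonce is bound to an action string, the user and a time tick.
function make_nonce(string $action, int $user_id, int $tick): string {
    return substr(hash_hmac('sha256', "$tick|$action|$user_id", SECRET), 0, 10);
}

// Accept the current tick or the previous one; compare in constant time.
function verify_nonce(string $nonce, string $action, int $user_id, int $tick): bool {
    foreach ([$tick, $tick - 1] as $t) {
        if (hash_equals(make_nonce($action, $user_id, $t), $nonce)) {
            return true;
        }
    }
    return false;
}

// The list table derives the form's nonce action from its 'plural' argument.
function form_nonce(string $plural, int $user_id, int $tick): string {
    return make_nonce('bulk-' . $plural, $user_id, $tick);
}

// Handler as described in comment #9: the nonce is emitted but never checked.
function bulk_delete_unchecked(array $request): string {
    return 'deleted: ' . implode(', ', $request['themes']);
}

// Handler with the check in place: verify 'bulk-themes' before acting.
function bulk_delete_checked(array $request, int $user_id, int $tick): string {
    $nonce = $request['_wpnonce'] ?? '';
    if (!is_string($nonce) || !verify_nonce($nonce, 'bulk-themes', $user_id, $tick)) {
        return 'rejected: nonce check failed';
    }
    return 'deleted: ' . implode(', ', $request['themes']);
}

$user = 1; $tick = 38211; // constructed user ID and time tick
$cases = [
    'plural=plugins (the CSS hack)' => ['_wpnonce' => form_nonce('plugins', $user, $tick)],
    'plural=themes (corrected)'     => ['_wpnonce' => form_nonce('themes', $user, $tick)],
    'request with no nonce'         => [],
];
foreach ($cases as $label => $req) {
    $req['themes'] = ['sample-theme'];
    printf("%-30s unchecked: %-22s checked: %s\n", $label,
        bulk_delete_unchecked($req), bulk_delete_checked($req, $user, $tick));
}
```

The unchecked handler accepts all three requests, which is why the wrong plural went unnoticed; once the check is in place, only the form built with the corrected plural passes.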
