Make WordPress Core

Opened 3 years ago

Closed 2 years ago

Last modified 2 years ago

#18936 closed defect (bug) (fixed)

Site Themes Administration Screen doesn't work properly with referers disabled

Reported by: Viper007Bond
Owned by: nacin
Milestone: 3.3
Priority: normal
Severity: normal
Version: 3.3
Component: Administration
Keywords: has-patch
Focuses:
Cc:


Disable sending a referer header, then visit /wp-admin/network/site-themes.php?id=XXXXXX and enable a theme. You get redirected to site-themes.php?enabled=1 because no referer is passed in the hyperlink and one isn't sent by the browser.

Solution is to either include the referer in each (dis|en)able link or to have the $referer used in the wp_redirect() always add in the ID to the URL.

I opted for the second.

There are probably other places where this happens too -- where we rely too much on the referer to construct the redirect URL and provide the required arguments.

Attachments (1)

18936.patch (584 bytes) - added by Viper007Bond 3 years ago.
Needs testing
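
The second option from the ticket description, as an added example (not WordPress core code and not the attached patch): the redirect target is a fixed screen path, the `id` always comes from the request being handled, and the referer is consulted only for extra query arguments. Function names, the screen constant and the sample values are assumptions.

```php
<?php
// Added illustration, not WordPress core code. Function names, the SCREEN
// constant and the sample values below are hypothetical.

const SCREEN = '/wp-admin/network/site-themes.php';

// Referer-dependent behaviour described in the ticket: with no referer the
// redirect lands on the bare screen and the site id is lost.
function redirect_from_referer_only(?string $referer, string $flag): string
{
    $base = ($referer !== null && $referer !== '') ? $referer : SCREEN;
    $sep  = (strpos($base, '?') === false) ? '?' : '&';
    return $base . $sep . $flag . '=1';
}

// Referer-independent variant: the target is complete whether or not a
// Referer header was sent.
function redirect_with_id(?string $referer, int $id, string $flag): string
{
    if (!in_array($flag, ['enabled', 'disabled'], true)) {
        throw new InvalidArgumentException('unknown status flag');
    }
    $query = [];
    $parts = is_string($referer) ? parse_url($referer) : false;
    // Reuse the referer's query only when it points at this same screen.
    // Scheme, host and path from the client-supplied header are never reused.
    if (is_array($parts) && ($parts['path'] ?? '') === SCREEN && isset($parts['query'])) {
        parse_str($parts['query'], $query);
    }
    // Remove status flags left over from an earlier action.
    unset($query['enabled'], $query['disabled']);
    $query['id']  = $id;   // always set, never assumed to be in the referer
    $query[$flag] = 1;
    return SCREEN . '?' . http_build_query($query);
}

// Constructed inputs: one request with a referer, one without.
$with    = 'https://example.test/wp-admin/network/site-themes.php?id=7&disabled=1';
$without = null;

foreach ([$with, $without] as $referer) {
    echo redirect_from_referer_only($referer, 'enabled'), "\n";
    echo redirect_with_id($referer, 7, 'enabled'), "\n";
}
```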


Change History (5)

Viper007Bond 3 years ago

Needs testing

comment:1 Viper007Bond 3 years ago

  • Keywords needs-testing added

comment:2 Viper007Bond 3 years ago

  • Keywords needs-testing removed

Never mind. Tested this on WP.com and it works as expected.

comment:3 nacin 2 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [19293]:

Pass 'id' on network/site-themes in the case of disabled referers. props Viper007Bond, fixes #18936.

comment:4 SergeyBiryukov 2 years ago

  • Milestone changed from Awaiting Review to 3.3