admin comment search never resets URL, grows infinitely
Reported by: _ck_ | Owned by:
When searching from /wp-admin/edit-comments.php the URL will grow infinitely and never reset to its base.
To reproduce this bug, simply search comments several times and then examine the resulting URL (by copying it to an editor). It will be over 1000 characters easily, because it's simply appending the previous searches and previous nonces for no useful reason.
Instead the form should just use /wp-admin/edit-comments.php as its submit base.
But that form should not be using GET in the first place.
Allowing overly long URLs is also a security problem as it can give a window for XSS attacks.
I wouldn't be surprised if this design flaw exists in other parts of WP admin but I'll leave that up to someone else who has more patience.
Change History (6)
- Component changed from Administration to Comments
- Focuses administration added
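The growth described in this ticket can be modelled offline, together with the "reset to base" behaviour the reporter asks for. This is an added example, not WordPress code or anything from the ticket; it assumes the previous request is carried along in hidden `_wpnonce` and `_wp_http_referer` fields, and `buggy_submit`, `canonical` and `simulate` are hypothetical names.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

BASE = "/wp-admin/edit-comments.php"   # path named in the ticket
KEEP = ("s",)                          # assumption: only the search term must survive


def buggy_submit(current_url: str, term: str, nonce: str) -> str:
    """Model of the report: the GET form resubmits the URL it was rendered on,
    so every search wraps the previous search and nonce one level deeper."""
    fields = [("s", term), ("_wpnonce", nonce), ("_wp_http_referer", current_url)]
    return BASE + "?" + urlencode(fields)


def canonical(url: str) -> str:
    """Rebuild the URL from the base plus allowlisted parameters only,
    dropping stale nonces and the nested copy of earlier requests."""
    params = dict(parse_qsl(urlsplit(url).query))  # last value wins
    kept = [(k, params[k]) for k in KEEP if k in params]
    return BASE + ("?" + urlencode(kept) if kept else "")


def simulate(terms, fix=False):
    """Return the URL length after each successive search."""
    url, lengths = BASE, []
    for i, term in enumerate(terms):
        url = buggy_submit(url, term, f"nonce{i:05d}")  # constructed nonce values
        if fix:
            url = canonical(url)   # e.g. redirect to the clean URL before rendering
        lengths.append(len(url))
    return lengths


if __name__ == "__main__":
    searches = ["spam"] * 10       # constructed sample input
    print("unfixed:", simulate(searches))
    print("fixed:  ", simulate(searches, fix=True))
```

Each nesting level is percent-encoded again, so the unfixed URL grows faster than linearly, while the canonical form stays at a constant length.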