Opened 12 years ago
Closed 12 years ago
#21277 closed enhancement (fixed)
Remove unused nonce fields in site-themes.php and site-users.php
| Reported by: | jeremyfelt | Owned by: | nacin |
|---|---|---|---|
| Milestone: | 3.5 | Priority: | normal |
| Severity: | trivial | Version: | 3.1 |
| Component: | Network Admin | Keywords: | has-patch commit |
| Focuses: | multisite | Cc: | |
Description
In 16242 from 14897, check_admin_referer( 'edit-site' ) was removed during a massive reorg of site-themes.php. Additional nonce checks were added via the nonce audit in 15969, but the nonce field generation for the original edit-site was never removed. This currently results in the generation of two hidden inputs with name="_wp_nonce".
check_admin_referer( 'edit-site' ) was also removed for site-users.php in 16560, but the 2 associated nonce field(s) remained. A 3rd 'edit-site' nonce field was added in 16585 when a new form was added, but that has been unnecessary.
The attached patch removes all 4 instances of wp_nonce_field( 'edit-site' ) across site-themes.php and site-users.php as they are no longer required in either.
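The condition this ticket describes, a wp_nonce_field() action that no verification call checks any more, can be found with a static scan. The following is an added example, not part of the ticket or the attached patch; the file name, its contents and the 'add-user' action are constructed, and only literal action strings are matched (concatenated or variable actions are skipped on both sides).

```python
import re
from collections import defaultdict

# Nonce emitter: the first argument is the action.
FIELD_RE = re.compile(r"""\bwp_nonce_field\(\s*(['"])([^'"]+)\1\s*[,)]""")
# Verifiers whose first argument is the action.
CHECK_RE = re.compile(
    r"""\b(?:check_admin_referer|check_ajax_referer)\(\s*(['"])([^'"]+)\1\s*[,)]""")
# wp_verify_nonce( $nonce, $action ): the action is the second argument.
VERIFY_RE = re.compile(
    r"""\bwp_verify_nonce\(\s*[^,]+,\s*(['"])([^'"]+)\1\s*[,)]""")


def orphaned_nonce_fields(sources):
    """sources maps file name -> PHP source text.

    Returns {action: [(file, line), ...]} for every literal action that is
    emitted with wp_nonce_field() but verified nowhere in the scanned files.
    """
    emitted = defaultdict(list)
    verified = set()
    for name, text in sources.items():
        for m in FIELD_RE.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            emitted[m.group(2)].append((name, line))
        for rx in (CHECK_RE, VERIFY_RE):
            verified.update(m.group(2) for m in rx.finditer(text))
    return {a: locs for a, locs in emitted.items() if a not in verified}


# Constructed sample, not actual WordPress source: two 'edit-site' fields
# survive although nothing verifies that action any more.
SAMPLE = {
    "example-users.php": """<?php
if ( $action == 'adduser' ) {
    check_admin_referer( 'add-user', '_wpnonce_add-user' );
}
?>
<form method="post">
<?php wp_nonce_field( 'edit-site' ); ?>
</form>
<form method="post">
<?php wp_nonce_field( 'edit-site' ); ?>
<?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ); ?>
</form>
""",
}

if __name__ == "__main__":
    for action, locs in orphaned_nonce_fields(SAMPLE).items():
        print(action, locs)
```

Pass every file that can handle the form submission in one call, since the verification may live in a different file from the form.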
In [21903]: