WordPress.org
Get WordPress

Make WordPress Core

Opened 19 years ago

Closed 19 years ago

Last modified 19 years ago

#2760 closed defect (bug) (fixed)

Comment Editing Generates AYS

Reported by: markjaquith's profile markjaquith Owned by: markjaquith's profile markjaquith
Milestone: Priority: high
Severity: normal Version: 2.0.2
Component: Administration Keywords: has-patch commit
Focuses: Cc:

Description (last modified by markjaquith)

Editing a comment generates an "Are you sure?" screen.

Version 2.0.3 (option not yet available in Trac)

This wouldn't be so bad if the AYS dialog didn't add slashes to any quote chars in the comment. #2761

Attachments (3)

nonce-comment-editing.diff (342 bytes) - added by markjaquith 19 years ago.
Patch for 2.0.3
2760-2.0.diff (1.2 KB) - added by mdawaffe 19 years ago.
underscores for branches/2.0
2760-trunk.diff (1.2 KB) - added by mdawaffe 19 years ago.
underscores for trunk

Download all attachments as: .zip

Change History (8)

#1 @markjaquith
19 years ago

  • Description modified (diff)

@markjaquith
19 years ago

Patch for 2.0.3

#2 @markjaquith
19 years ago

  • Keywords has-patch commit added
  • Owner changed from anonymous to markjaquith
  • Status changed from new to assigned

Patch fixes it. Problem should be obvious:

wp_nonce_field('update-comment' . $comment->comment_ID)

vs

check_admin_referer('update-comment');

thus, the nonce is invalid.

@mdawaffe
19 years ago

underscores for branches/2.0

@mdawaffe
19 years ago

underscores for trunk

#3 @mdawaffe
19 years ago

2760-2.0.diff

2760-trunk.diff

  1. Follow verb-noun_which convention for nonces. http://trac.wordpress.org/ticket/2734#change_6

#4 @ryan
19 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [3826]) Comment nonce fixes from Mark Jaquith and mdawaffe. fixes #2760

#5 @ryan
19 years ago

  • Resolution set to fixed

(In [3827]) Comment nonce fixes from Mark Jaquith and mdawaffe. fixes #2760

Note: See TracTickets for help on using tickets.