Opened 11 years ago
Closed 11 years ago
#27798 closed defect (bug) (fixed)
Nonce failure when installing theme via FTP filesystem method
Reported by: | ocean90 | Owned by: | nacin |
---|---|---|---|
Milestone: | 3.9 | Priority: | highest omg bbq |
Severity: | blocker | Version: | 3.9 |
Component: | Themes | Keywords: | has-patch |
Focuses: | Cc: |
Description
Original report: http://wordpress.org/support/topic/theme-install-fails-in-39rc1
To force FTP you can use
add_filter( 'filesystem_method', function( $method ) { return 'ftpext'; } );
Steps to reproduce:
- Go to wp-admin/theme-install.php
- Select a theme and install
- Enter FTP credentials (wp-admin/update.php?action=install-theme&theme=itek&_wpnonce=3cbbfc5a2d)
- Click "Proceed"
- Failure. (wp-admin/update.php?action=install-theme&theme=itek&_wpnonce=d1c34b4560)
Uploading via a ZIP works.
Attachments (4)
Change History (10)
#2
@
11 years ago
- Priority changed from high to highest omg bbq
- Severity changed from critical to blocker
if possible
It's not quite possible for the JSONP requests.
This ticket was mentioned in IRC in #wordpress-dev by Clorith. View the logs.
11 years ago
#4
@
11 years ago
- Keywords has-patch added; needs-patch dev-feedback removed
27798.2.patch routes search through admin-ajax and uses themes_api().
- Based on WP_Theme_Install_List_Table::install_theme_info()
- Reverts [27961] for JSONP
- Reverts parts of [27940] for num_ratings
- Suppresses trigger_error() in themes_api() when DOING_AJAX
- Fixes backToFilters which adds an anchor to URL
$theme->update_url
can maybe ignored because unused
Note: See
TracTickets for help on using
tickets.
27798.patch would fix this, but there are many other places where a theme specific nonce is currently used. I think we should revert to theme specific nonce again, if possible. Opinions?