Opened 10 years ago
Closed 10 years ago
#29900 closed defect (bug) (duplicate)
WordPress Logout Redirect Failure Notice
Reported by: | Owned by: | ||
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.1 |
Component: | Login and Registration | Keywords: | has-patch |
Focuses: | ui, administration | Cc: |
Description
When attempting to logout, if the wpnonce is not valid you are greeted with the following message:
Example URL: domain.com/wp-login.php?action=logout&_wpnonce=05a47423b1
Message: "You are attempting to log out of domain.com. Do you really want to log out?"
A screenshot is attached.
This is important to prevent accidental logouts.
However, this message also appears when the user is not even logged in to the website. For example:
http://wpengine.com/wp-login.php?action=logout&_wpnonce=05a47423b1
https://www.wpsitecare.com/wp-login.php?action=logout&_wpnonce=05a47423b1
https://getflywheel.com/wp-login.php?action=logout&_wpnonce=05a47423b1
This should not occur.
If you are logged out, the "Do you really want to log out.." message and link provides no value as you are already logged out and you have no alternative.
Attachments (2)
Change History (4)
#1
@
10 years ago
- Keywords has-patch added
Patch 29900.txt modifies wp_nonce_ays() to first check to see if the user is not logged in.
If the user is not logged in it will redirect to the login page.
Additionally, it removes the word "Failure" from the page title. For the average user, seeing WordPress report a "failure" anywhere on the website does not instill confidence in the software.
Screenshot for Ticket #29900