WordPress.org

Make WordPress Core

Opened 3 years ago

Last modified 3 years ago

#31189 new defect (bug)

Widgets editing screen doesn't handle expired nonces gracefully

Reported by: dd32
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Widgets
Keywords: needs-patch
Focuses:
Cc:

Description

The Widgets screen doesn't handle an expired nonce gracefully, and can result in the user thinking something saved, when in actual fact it was silently discarded.

For example:

  • Adding/Removing Widgets appears to work, but doesn't take effect
  • Editing a Text Widget (or any titles of other widgets) and hitting save will result in a spinner, which then disappears the same way it does after a successful save, even though the ajax calls returned -1 to signify a nonce error / not logged in error
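
One way a client-side handler can tell the -1 reply described above apart from a successful save, as an added example (not WordPress core code and not part of the ticket). The function names and the widget state object are hypothetical, and treating a bare 0 as "not handled" is an assumption based on admin-ajax.php's default reply.

```javascript
'use strict';

// Hypothetical helper: classify the raw body of an admin-ajax.php reply.
function classifyAjaxResponse(body) {
  const text = String(body == null ? '' : body).trim();
  if (text === '-1') return 'auth-failed'; // nonce expired or not logged in (per the ticket)
  if (text === '0') return 'not-handled';  // assumption: admin-ajax.php default reply
  return 'ok'; // anything else, including an empty body, is the handler's own output
}

// Hypothetical UI state transition: only a confirmed save clears the dirty flag.
function applySaveResult(body, widget) {
  const status = classifyAjaxResponse(body);
  const next = Object.assign({}, widget, { spinner: false, status: status });
  if (status === 'ok') {
    next.dirty = false;
    next.notice = null;
  } else {
    next.dirty = true; // keep the user's unsaved edits on screen
    next.notice = status === 'auth-failed'
      ? 'Your session has expired. Reload the page and save again.'
      : 'The save request was not processed.';
  }
  return next;
}

// Constructed sample replies (not captured from a real site).
const editing = { id: 'text-2', dirty: true, spinner: true };
const samples = ['<div class="widget-content">...</div>', '-1', '0'];
for (const body of samples) {
  const result = applySaveResult(body, editing);
  console.log(JSON.stringify(body), '->', result.status, 'dirty=' + result.dirty);
}
```

The point of the state transition is that stopping the spinner and clearing the "unsaved" state are separate decisions: the spinner always stops, but the edit is only marked saved when the reply is not a failure sentinel.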

Change History (6)

#1 @dd32
3 years ago

The easiest way to trigger this scenario is to run jQuery( '#_wpnonce_widgets' ).val('123456') in the console.

#2 @DrewAPicture
3 years ago

  • Keywords reporter-feedback added

@dd32: Is this new to trunk or something older?

#3 @dd32
3 years ago

Haven't tested, but I assume it's been around since we first added the current generation widgets screen that uses ajax.

#4 @DrewAPicture
3 years ago

  • Keywords needs-patch added; reporter-feedback removed
  • Version trunk deleted

3 years ago

This ticket was mentioned in Slack in #core-editor by iseulde.

#6 @iseulde
3 years ago

Related: #24447.
