Opened 9 years ago
Closed 9 years ago
#33098 closed defect (bug) (fixed)
Re-authenticating after expired login on Edit Post screen breaks nonces
| Reported by: | ericlewis | Owned by: | iseulde |
|---|---|---|---|
| Milestone: | 4.3 | Priority: | normal |
| Severity: | critical | Version: | 4.0 |
| Component: | Login and Registration | Keywords: | has-patch |
| Focuses: | | Cc: | |
Description
Attachments (6)
Change History (18)
#2, 9 years ago
- Milestone changed from Awaiting Review to 4.3
- Severity changed from normal to critical
#5, 9 years ago
- Keywords has-patch added
The above patch should fix the problem with minimal changes. It no longer requires a valid nonce to refresh nonces. Ideally nonce refreshing should be baked in the Heartbeat API, but I think that's for a future release.
#6, 9 years ago
In 33098.3.patch:
- Move the nonces refresh to a separate filter.
- If nonces have expired, only include the nonce refresh in the response (prevents errors when other actions check nonces).
This still needs some polishing, better naming, etc. Also, a couple of places can be improved.
This ticket was mentioned in Slack in #core-editor by iseulde. View the logs.
9 years ago
This ticket was mentioned in Slack in #core by mark. View the logs.
9 years ago
@krogsgard mentioned this to me recently. I wished we caught this then.