WordPress.org
Get WordPress

Make WordPress Core

Opened 11 years ago

Closed 10 years ago

#33342 closed enhancement (fixed)

check_ajax_referer action only fires on success

Reported by: johnbillion's profile johnbillion Owned by: egill's profile egill
Milestone: 4.4 Priority: normal
Severity: normal Version: 2.1
Component: Security Keywords: good-first-bug has-patch
Focuses: Cc:

Description (last modified by johnbillion)

In r33017 the check_admin_referer action was moved so it fires on failure as well as success.

The same should be done for the check_ajax_referer action.

Attachments (1)

33342.patch (745 bytes) - added by egill 10 years ago.
33342.patch

Download all attachments as: .zip

Change History (7)

#1 @johnbillion
11 years ago

  • Description modified (diff)

@egill
10 years ago

33342.patch

#2 @egill
10 years ago

Moved it and added braces. Hopefully that's all there is to it.

#3 @egill
10 years ago

  • Keywords has-patch added; needs-patch removed

#4 @DrewAPicture
10 years ago

  • Owner set to egill
  • Status changed from new to assigned

Marking the good-first-bug as "claimed".

#5 @SergeyBiryukov
10 years ago

  • Milestone changed from Future Release to 4.4

#6 @SergeyBiryukov
10 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 33743:

Fire the check_ajax_referer action on failure as well as success.

See [33017] for check_admin_referer.

props egill.
fixes #33342.

Note: See TracTickets for help on using tickets.