WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 5 months ago

#33977 new defect (bug)

set_transient('settings_errors', get_settings_errors(), 30); and multi user @ wp-admin/options.php

Reported by: coldwinds Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.3.1
Component: Options, Meta APIs Keywords:
Focuses: administration Cc:
PR Number:

Description

Code highlighting:

        /**
         * Handle settings errors and return to options page
         */
        // If no settings errors were registered add a general 'updated' message.
        if ( !count( get_settings_errors() ) )
                add_settings_error('general', 'settings_updated', __('Settings saved.'), 'updated');
        set_transient('settings_errors', get_settings_errors(), 30);

        /**
         * Redirect back to the settings page that was submitted
         */
        $goback = add_query_arg( 'settings-updated', 'true',  wp_get_referer() );
        wp_redirect( $goback );
        exit;

I see the code above in wp-admin/options.php

since the key 'settings_errors' is not binding to a user, Is there a chance than one user's error message may be shown on another user's page?

Change History (2)

#1 @SergeyBiryukov
4 years ago

  • Component changed from General to Options, Meta APIs

#2 @MikeHansenMe
3 years ago

I was not able to reproduce the error. The transient is set when it is submitted and deleted immediately after when it is displayed. While this is not ideal, I do not think it is broken.

Note: See TracTickets for help on using tickets.