Make WordPress Core

Context Navigation

← Previous Ticket
Next Ticket →

Opened 10 years ago

Closed 9 years ago

#36361 closed enhancement (fixed)

check_ajax_referer() lacks a _doing_it_wrong() call when the $action parameter is omitted

Reported by:	johnbillion	Owned by:	johnbillion
Milestone:	4.7	Priority:	normal
Severity:	normal	Version:	3.2
Component:	Security	Keywords:	has-patch
Focuses:		Cc:

Description

If the $action parameter is omitted when calling check_admin_referer(), a call to _doing_it_wrong() is triggered. See [18195].

The same is not true for check_ajax_referer().

Attachments (1)

36361.patch (649 bytes) - added by johnbillion 10 years ago.

Download all attachments as: .zip

Change History (4)

@johnbillion
10 years ago

Attachment 36361.patch added

#1 @johnbillion
10 years ago

Keywords has-patch added

#2 @johnbillion
9 years ago

Milestone changed from Future Release to 4.7

#3 @johnbillion
9 years ago

Owner set to johnbillion
Resolution set to fixed
Status changed from new to closed

Security: Trigger a _doing_it_wrong() when check_ajax_referer() is called without its first parameter. This brings it inline with check_admin_referer().

Fixes #36361

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats: