WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 4 years ago

#36361 closed enhancement (fixed)

check_ajax_referer() lacks a _doing_it_wrong() call when the $action parameter is omitted

Reported by: johnbillion
Owned by: johnbillion
Milestone: 4.7
Priority: normal
Severity: normal
Version: 3.2
Component: Security
Keywords: has-patch
Focuses:
Cc:

Description

If the $action parameter is omitted when calling check_admin_referer(), a call to _doing_it_wrong() is triggered. See [18195].

The same is not true for check_ajax_referer().

Attachments (1)

36361.patch (649 bytes) - added by johnbillion 5 years ago.


Change History (4)

@johnbillion
5 years ago

#1 @johnbillion
5 years ago

  • Keywords has-patch added

#2 @johnbillion
4 years ago

  • Milestone changed from Future Release to 4.7

#3 @johnbillion
4 years ago

  • Owner set to johnbillion
  • Resolution set to fixed
  • Status changed from new to closed

In 38420:

Security: Trigger a _doing_it_wrong() when check_ajax_referer() is called without its first parameter. This brings it in line with check_admin_referer().

Fixes #36361
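The following is an added example, not part of the ticket or of WordPress core: a minimal plugin AJAX handler showing the call form this ticket flags next to one that passes an explicit nonce action. The plugin name, the `myplugin_save_note` action, the `nonce` and `note` field names, and `note.js` are all hypothetical.

```php
<?php
/**
 * Plugin Name: Nonce Action Example (hypothetical, for illustration only)
 */

// Hypothetical action string. The same value must be used to create and to verify the nonce.
const MYPLUGIN_NONCE_ACTION = 'myplugin_save_note';

// Pass a nonce scoped to this one operation to the admin-side script.
add_action( 'admin_enqueue_scripts', function () {
	wp_register_script( 'myplugin-note', plugins_url( 'note.js', __FILE__ ), array( 'jquery' ), '1.0', true );
	wp_localize_script( 'myplugin-note', 'mypluginNote', array(
		'ajaxUrl' => admin_url( 'admin-ajax.php' ),
		'nonce'   => wp_create_nonce( MYPLUGIN_NONCE_ACTION ),
	) );
	wp_enqueue_script( 'myplugin-note' );
} );

add_action( 'wp_ajax_myplugin_save_note', 'myplugin_save_note' );

function myplugin_save_note() {
	// Flagged form: with no arguments, $action keeps its default of -1, so the
	// nonce being verified is not bound to this specific operation. After the
	// change in this ticket, this call triggers _doing_it_wrong().
	// check_ajax_referer();

	// Scoped form: verifies the 'nonce' request field against the same action
	// string used in wp_create_nonce() above. By default the request is
	// terminated if verification fails.
	check_ajax_referer( MYPLUGIN_NONCE_ACTION, 'nonce' );

	// A nonce only confirms intent; it is not an authorization check.
	if ( ! current_user_can( 'edit_posts' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}

	$note = isset( $_POST['note'] ) ? sanitize_textarea_field( wp_unslash( $_POST['note'] ) ) : '';
	update_user_meta( get_current_user_id(), 'myplugin_note', $note );

	wp_send_json_success( array( 'saved' => true ) );
}
```

With `WP_DEBUG` enabled, the `_doing_it_wrong()` notice makes the unscoped call visible during development, which is a quick way to find handlers that still rely on the default action.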
