WordPress.org

Make WordPress Core

Opened 3 months ago

#43611 new defect (bug)

Duplicate _ajax_nonce input cause conflict between find_post_div and post_custom_div

Reported by: charlesstpierre Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9.4
Component: Administration Keywords:
Focuses: administration Cc:

Description

I ran into the error today. Here is the situation

On Post edit page, I’ve added the FindPost functionality. I’ve included find_posts_div using the admin_footer hook, as normal. It is added to 2 custom post types without custom-fields support and to the regular Post post type.

It worked flawlessly on both custom post types, but the ajax call to get the post list from inside the Post edit page, sent back a 403. I’ve isolated the problem to the _ajax_nonce value, which was different from the 2 others post types.

After checking the source of the admin page, I saw that there was 2 _ajax_nonce fields, and that the value sent to Find-Posts query was the _ajax_nonce from the Custom-Post-field.

More over, I’ve checked and both _ajax_nonce inputs share the same ID (_ajax_nonce). Poor media.js can’t find the right one on line 107.

So, they must be differentiated. Easiest fix would be to change the ID of the _ajax_nonce input in FindPostDiv.

Further more, the Post Custom div interface creates duplicate #_ajax_nonce for each custom fields (at least with the same value). Feel free to create another ticket for this.

Change History (0)

Note: See TracTickets for help on using tickets.