Context Navigation

← Previous Ticket
Next Ticket →

#5045 closed defect (bug) (worksforme)

"Delete Post" / "Delete Draft" without JavaScript abuses nonce protection

Reported by:	markjaquith	Owned by:
Milestone:		Priority:	normal
Severity:	normal	Version:	2.3
Component:	Accessibility	Keywords:
Focuses:		Cc:

Description

If the "Delete Post" / "Delete Draft" button is clicked without JavaScript enabled (on the Write screen), a nonce error page is presented. This is an abuse of the nonce functionality (which is there for anti-CSRF).

Attachments (1)

delete_post_nonce.diff (2.1 KB) - added by markjaquith 16 years ago.

Download all attachments as: .zip

Change History (5)

@markjaquith
16 years ago

Attachment delete_post_nonce.diff added

#1 @djr
15 years ago

Keywords has-patch added

#2 @Denis-de-Bernardy
14 years ago

Component changed from General to Accessibility
Owner anonymous deleted

still current?

#3 @Denis-de-Bernardy
14 years ago

Keywords needs-patch added; has-patch removed
Milestone changed from 2.9 to Future Release

#4 @scohoust
14 years ago

Keywords needs-patch removed
Milestone Future Release deleted
Resolution set to worksforme
Status changed from new to closed

Fairly old ticket and working fine in trunk, new trash system taking the place of the delete buttons.

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats:

Make WordPress Core