WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 5 years ago

#5045 closed defect (bug) (worksforme)

"Delete Post" / "Delete Draft" without JavaScript abuses nonce protection

Reported by: markjaquith
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 2.3
Component: Accessibility
Keywords:
Focuses:
Cc:

Description

If the "Delete Post" / "Delete Draft" button is clicked without JavaScript enabled (on the Write screen), a nonce error page is presented. This is an abuse of the nonce functionality (which is there for anti-CSRF).

Attachments (1)

delete_post_nonce.diff (2.1 KB) - added by markjaquith 7 years ago.


Change History (5)

comment:1 djr, 6 years ago

  • Keywords has-patch added

comment:2 Denis-de-Bernardy, 5 years ago

  • Component changed from General to Accessibility
  • Owner anonymous deleted

still current?

comment:3 Denis-de-Bernardy, 5 years ago

  • Keywords needs-patch added; has-patch removed
  • Milestone changed from 2.9 to Future Release

comment:4 scohoust, 5 years ago

  • Keywords needs-patch removed
  • Milestone Future Release deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Fairly old ticket and working fine in trunk, new trash system taking the place of the delete buttons.
