Make WordPress Core

Opened 16 years ago

Closed 14 years ago

#5045 closed defect (bug) (worksforme)

"Delete Post" / "Delete Draft" without JavaScript abuses nonce protection

Reported by: markjaquith's profile markjaquith Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.3
Component: Accessibility Keywords:
Focuses: Cc:


If the "Delete Post" / "Delete Draft" button is clicked without JavaScript enabled (on the Write screen), a nonce error page is presented. This is an abuse of the nonce functionality (which is there for anti-CSRF).

Attachments (1)

delete_post_nonce.diff (2.1 KB) - added by markjaquith 16 years ago.

Download all attachments as: .zip

Change History (5)

#1 @djr
15 years ago

  • Keywords has-patch added

#2 @Denis-de-Bernardy
14 years ago

  • Component changed from General to Accessibility
  • Owner anonymous deleted

still current?

#3 @Denis-de-Bernardy
14 years ago

  • Keywords needs-patch added; has-patch removed
  • Milestone changed from 2.9 to Future Release

#4 @scohoust
14 years ago

  • Keywords needs-patch removed
  • Milestone Future Release deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Fairly old ticket and working fine in trunk, new trash system taking the place of the delete buttons.

Note: See TracTickets for help on using tickets.