Opened 12 months ago

Closed 8 months ago

#51483 closed defect (bug) (fixed)

2 elements with non unique id #_wpnonce in post.php

Reported by: vandestouwe
Owned by: ocean90
Milestone: 5.7
Priority: normal
Severity: normal
Version: 5.0
Component: Editor
Keywords: has-patch
Focuses:
Cc:

Description

In the file post.php, when a page is edited, 2 elements are found to have the same id.

  1. on line 2306: <?php wp_nonce_field( 'toggle-custom-fields'); ?>
  2. on line 2424: wp_nonce_field( $nonce_action);

Both forms are active, causing a warning on the console of the web browser.

In the included PHP file, both lines have been given a unique id.

Attachments (4)

post.php (243.9 KB) - added by vandestouwe 12 months ago.
The corrected post.php
51483.patch (1.0 KB) - added by vandestouwe 12 months ago.
The patch file to correct the issue
51483.2.patch (1.7 KB) - added by Mista-Flo 10 months ago.
Patch refreshed
51483.3.patch (1.4 KB) - added by Mista-Flo 8 months ago.
3rd patch to fix check admin referer

Change History (15)

@vandestouwe
12 months ago

The corrected post.php

#1 @Mista-Flo
12 months ago

  • Keywords reporter-feedback added

Hi @vandestouwe, welcome to Trac!

Could you please provide a bit more information about the issue? Is that happening with the new block editor? Do you have some special plugins enabled like Classic Editor?

Could you also check these links in order to create a valid patch in Trac?

https://make.wordpress.org/core/handbook/tutorials/working-with-patches/
https://make.wordpress.org/core/handbook/best-practices/writing-patches/

If you're familiar with code and git, you can use the wordpress-develop GitHub repository to easily contribute to WordPress: https://make.wordpress.org/core/handbook/contribute/git/

@vandestouwe
12 months ago

The patch file to correct the issue

#2 @Mista-Flo
12 months ago

  • Keywords has-patch added

#3 @vandestouwe
12 months ago

I'm using the block editor. The warning comes when I want to edit the page. No special plugins are installed. This is a normal page with a form, as you can see in the link: https://www.vandestouwe.com/subscribe. When I want to edit this page, you can find the warning message on the console of the web browser.

#4 @vandestouwe
12 months ago

  • Keywords reporter-feedback removed

#5 @noisysocks
10 months ago

  • Keywords needs-refresh added
  • Milestone changed from Awaiting Review to 5.7

I was able to confirm the bug locally.

@vandestouwe: Could you please refresh the patch? It no longer applies cleanly.

@Mista-Flo
10 months ago

Patch refreshed

#6 @Mista-Flo
10 months ago

  • Keywords needs-refresh removed

Hi @noisysocks, I have refreshed the patch, applied coding standards and removed an unused local variable as well.

#7 @noisysocks
10 months ago

  • Keywords commit added

Thanks @Mista-Flo! LGTM, though we'll still want the space before the />.

#8 follow-up: @ocean90
8 months ago

  • Focuses ui coding-standards removed
  • Keywords needs-patch added; has-patch commit removed
  • Version changed from 5.5.1 to 5.0

This is related to #23165, especially the comment ticket:23165:15. For now I'd suggest to only change toggle-custom-fields. Please keep in mind that you also have to set the $query_arg parameter for the check_admin_referer() call.

@Mista-Flo
8 months ago

3rd patch to fix check admin referer

#9 in reply to: ↑ 8 @Mista-Flo
8 months ago

  • Keywords has-patch added; needs-patch removed

Replying to ocean90:

This is related to #23165, especially the comment ticket:23165:15. For now I'd suggest to only change toggle-custom-fields. Please keep in mind that you also have to set the $query_arg parameter for the check_admin_referer() call.

Hi @ocean90, good catch, thanks for the help! I fixed the issue in the last patch.

This ticket was mentioned in Slack in #core by hellofromtonya.

8 months ago

#11 @ocean90
8 months ago

  • Owner set to ocean90
  • Resolution set to fixed
  • Status changed from new to closed

In 50255:

Block Editor: Use a unique name for the nonce of the custom fields toggle form.

Avoids a browser warning for having two elements with a non-unique id #_wpnonce on the post edit screen.

See #23165.
Fixes #51483.
Props vandestouwe, Mista-Flo.
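
The point raised in comment 8, shown as an added example that is not part of this ticket, its patches or WordPress core: when a nonce field is given a unique name to avoid the duplicate `#_wpnonce` id, the same name has to be passed as `$query_arg` to `check_admin_referer()`. The plugin header, the `example_*` action and field names and the `example_flag` user meta key are hypothetical.

```php
<?php
/**
 * Plugin Name: Example two-nonce screen
 * Added illustration, not WordPress core code. All "example" names are hypothetical.
 */
add_action( 'admin_menu', function () {
	add_management_page( 'Nonce example', 'Nonce example', 'manage_options', 'example-nonce', 'example_render_forms' );
} );
// wp_nonce_field() uses $name as both the id and the name of the hidden input,
// so two calls with the default name would both emit id="_wpnonce".
function example_render_forms() {
	$url = admin_url( 'admin-post.php' );
	?>
	<form method="post" action="<?php echo esc_url( $url ); ?>">
		<input type="hidden" name="action" value="example_save" />
		<?php wp_nonce_field( 'example-save' ); // Default field and id: _wpnonce. ?>
		<?php submit_button( 'Save' ); ?>
	</form>
	<form method="post" action="<?php echo esc_url( $url ); ?>">
		<input type="hidden" name="action" value="example_toggle" />
		<?php wp_nonce_field( 'example-toggle', 'example_toggle_nonce' ); // Unique field and id. ?>
		<?php submit_button( 'Toggle' ); ?>
	</form>
	<?php
}

// A nonce proves intent, not permission, so the capability is checked as well.
function example_require_cap() {
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
	}
}
add_action( 'admin_post_example_save', function () {
	example_require_cap();
	check_admin_referer( 'example-save' ); // Reads $_REQUEST['_wpnonce'].
	wp_safe_redirect( admin_url( 'tools.php?page=example-nonce' ) );
	exit;
} );

add_action( 'admin_post_example_toggle', function () {
	example_require_cap();
	// Without the second argument the check reads $_REQUEST['_wpnonce'], which
	// this form never sends, so every legitimate submission would be rejected.
	check_admin_referer( 'example-toggle', 'example_toggle_nonce' );
	$user = get_current_user_id();
	update_user_meta( $user, 'example_flag', get_user_meta( $user, 'example_flag', true ) ? '0' : '1' );
	wp_safe_redirect( admin_url( 'tools.php?page=example-nonce' ) );
	exit;
} );
```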