Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#51530 closed enhancement (duplicate)

wp_nonce_field may render inputs with the same id attributes

Reported by: anton-korotkoff's profile Anton Korotkoff Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.5.1
Component: General Keywords: has-patch
Focuses: Cc:


The $name arg is being used as an ID attribute for the hidden input. That's why it is possible that wp_nonce_field renders inputs with the same IDs, which is not valid in terms of HTML.

The attached patch has this fixed by including the actual nonce value into the ID value concatenated with the name.

Attachments (2)

51530.diff (786 bytes) - added by Anton Korotkoff 4 years ago.
51530.2.diff (790 bytes) - added by Anton Korotkoff 4 years ago.
Fixed formatting

Download all attachments as: .zip

Change History (4)

@Anton Korotkoff
4 years ago

Fixed formatting

#1 @SergeyBiryukov
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, welcome to WordPress Trac!

Thanks for the report, we're already tracking this issue in #23165.

#2 @Anton Korotkoff
4 years ago

3-lines fix has been taken 8 years already. Got it.

Note: See TracTickets for help on using tickets.