WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#7204 closed enhancement (invalid)

Theme previewer needs a nonce

Reported by: johnbillion Owned by:
Milestone: Priority: low
Severity: normal Version: 2.6
Component: Template Keywords:
Focuses: Cc:

Description

The new theme preview system in 2.6 should be protected by a nonce.

Outside chance that a scenario could occur where a theme is broken or in development and a curious visitor could visit a URL such as www.example.com/?preview=1&template=whatever and see database errors or PHP errors which is never really a good thing.

Change History (2)

comment:1 johnbillion6 years ago

  • Resolution set to invalid
  • Status changed from new to closed

Scrap that. A user has to be logged in in order to see the previewed theme.

comment:2 johnbillion6 years ago

  • Keywords needs-patch removed
  • Milestone 2.6 deleted
Note: See TracTickets for help on using tickets.