Ticket #2760 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Comment Editing Generates AYS

Reported by: markjaquith Assigned to: markjaquith
Priority: high Milestone:
Component: Administration Version: 2.0.2
Severity: normal Keywords: has-patch commit
Cc:

Description (Last modified by markjaquith)

Editing a comment generates an "Are you sure?" screen.

Version 2.0.3 (option not yet available in Trac)

This wouldn't be so bad if the AYS dialog didn't add slashes to any quote chars in the comment. #2761

Attachments

nonce-comment-editing.diff (342 bytes) - added by markjaquith on 06/01/06 15:10:11.
Patch for 2.0.3
2760-2.0.diff (1.2 kB) - added by mdawaffe on 06/01/06 16:48:36.
underscores for branches/2.0
2760-trunk.diff (1.2 kB) - added by mdawaffe on 06/01/06 16:49:03.
underscores for trunk

Change History

06/01/06 14:54:24 changed by markjaquith

  • description changed.

06/01/06 15:10:11 changed by markjaquith

  • attachment nonce-comment-editing.diff added.

Patch for 2.0.3

06/01/06 15:13:01 changed by markjaquith

  • keywords set to has-patch commit.
  • owner changed from anonymous to markjaquith.
  • status changed from new to assigned.

Patch fixes it. Problem should be obvious: 

wp_nonce_field('update-comment' . $comment->comment_ID)

vs 

check_admin_referer('update-comment');

thus, the nonce is invalid.

06/01/06 16:48:36 changed by mdawaffe

  • attachment 2760-2.0.diff added.

underscores for branches/2.0

06/01/06 16:49:03 changed by mdawaffe

  • attachment 2760-trunk.diff added.

underscores for trunk

06/01/06 16:52:00 changed by mdawaffe

2760-2.0.diff

2760-trunk.diff

  1. Follow verb-noun_which convention for nonces. http://trac.wordpress.org/ticket/2734#change_6

06/01/06 16:58:48 changed by ryan

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [3826]) Comment nonce fixes from Mark Jaquith and mdawaffe. fixes #2760

06/01/06 16:59:58 changed by ryan

  • status changed from closed to closed.
  • resolution set to fixed.

(In [3827]) Comment nonce fixes from Mark Jaquith and mdawaffe. fixes #2760