Make WordPress Core

Opened 19 years ago

Closed 19 years ago

Last modified 18 years ago

#2806 closed defect (bug) (fixed)

Incorrect nonce check

Reported by: westi
Owned by: westi
Milestone:
Priority: normal
Severity: normal
Version: 2.0.2
Component: Security
Keywords: bg|has-patch
Focuses:
Cc:

Description

I've done some grepping and analysis on the calls to wp_nonce_url, wp_nonce_field and check_admin_referer in branches/2.0 and found an incorrect nonce check.

When I get the time I'll do this for trunk too :-)
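One way to automate the kind of audit the description mentions, as an added example that is not part of the ticket or of WordPress: it pairs the action strings passed to wp_nonce_url and wp_nonce_field with those passed to check_admin_referer and reports any without a counterpart. The sample PHP, its file names and the mismatched action are constructed for illustration, and the regexes assume the action is a quoted literal and the URL argument contains no comma.

```python
import re

# Calls that create a nonce, and the call that verifies one (names from the ticket).
CREATORS = [
    re.compile(r"wp_nonce_url\s*\(\s*[^,]+,\s*(['\"])(.*?)\1"),  # action is 2nd arg
    re.compile(r"wp_nonce_field\s*\(\s*(['\"])(.*?)\1"),          # action is 1st arg
]
VERIFIER = re.compile(r"check_admin_referer\s*\(\s*(['\"])(.*?)\1")

def collect(sources, patterns):
    """Return {action_prefix: [(file, line_number), ...]} for matching calls."""
    found = {}
    for name, text in sources.items():
        for pattern in patterns:
            for m in pattern.finditer(text):
                prefix = m.group(2).split("$")[0]  # drop any interpolated $variable
                line = text.count("\n", 0, m.start()) + 1
                found.setdefault(prefix, []).append((name, line))
    return found

def audit(sources):
    """Pair created and verified actions; return those with no counterpart."""
    created = collect(sources, CREATORS)
    verified = collect(sources, [VERIFIER])
    never_created = {a: locs for a, locs in verified.items() if a not in created}
    never_verified = {a: locs for a, locs in created.items() if a not in verified}
    return never_created, never_verified

# Constructed sample input: file names and the mismatched action are invented.
SAMPLE = {
    "sample/list.php": (
        "<?php echo wp_nonce_url(\"links.php?action=delete&link_id=$id\","
        " 'delete-bookmark_' . $id); ?>\n"
        "<?php wp_nonce_field('bulk-bookmarks'); ?>\n"
    ),
    "sample/handler.php": (
        "<?php\n"
        "check_admin_referer('delete-link_' . $link_id);\n"
        "check_admin_referer('bulk-bookmarks');\n"
    ),
}

if __name__ == "__main__":
    never_created, never_verified = audit(SAMPLE)
    print("verified but never created:", never_created)
    print("created but never verified:", never_verified)
```

An action that is verified but never created means every legitimate request to that handler fails the check; one that is created but never verified means the handler may run without any nonce check at all.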

Attachments (2)

2806.diff (461 bytes) - added by westi 19 years ago.
Patch to fix the nonce check for delete-bookmark
delete_bookmark_no_js_fix.diff (512 bytes) - added by markjaquith 19 years ago.
Fix for deleting bookmarks with JS off


Change History (6)

@westi (Lead Developer)
19 years ago

Patch to fix the nonce check for delete-bookmark

#1 @westi (Lead Developer)
19 years ago

  • Component changed from Administration to Security
  • Keywords bg|has-patch added
  • Owner changed from anonymous to westi
  • Status changed from new to assigned

#2 @markjaquith (Lead Developer)
19 years ago

Doesn't fix the issue. There's an action mismatch. It sends "delete" but checks for "Delete"

Note that this is all with JavaScript off... the regular AJAX deletion works fine. My patch fixes it. I'll also be updating my WordPress 2.0.3 tuneup plugin to fix this.

@markjaquith (Lead Developer)
19 years ago

Fix for deleting bookmarks with JS off

#3 @ryan (Lead Tester)
19 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [3858]) Delete bookmark nonce fix from westi and markjaquith. fixes #2806

#4 @(none)
18 years ago

  • Milestone 2.0.4 deleted

