[wp-trac] [WordPress Trac] #24447: Avoid losing data after nonces expire
WordPress Trac
noreply at wordpress.org
Fri May 31 18:56:54 UTC 2013
#24447: Avoid losing data after nonces expire
----------------------------+------------------
Reporter: azaozz | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.6
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: |
----------------------------+------------------
Comment (by azaozz):
Replying to [comment:3 knutsp]:
> Show an error and present the user with two options:
>
> 1. Log in and save the content as a new draft
> 2. Log in and discard the content
Yes, that will work.
Nonces expiration is different than login expiration. The user can still
be logged in and the nonces may have expired. In this case 2 can proceed
and reload the page.
If 1 is selected we ask for the user's password again and override nonce
checking (see the second option in the previous comment). The password
will be submitted with the form so we will be logging the user in (or
verifying the password) at the same time as saving the submitted form
data.
If we go this way we will have to "pre-verify" the entered password in
case the user makes a mistake, doable with ajax.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24447#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list