[wp-trac] [WordPress Trac] #10975: comment form nonce

WordPress Trac noreply at wordpress.org
Thu Sep 10 15:08:38 UTC 2015


#10975: comment form nonce
-------------------------+-----------------------------
 Reporter:  tellyworth   |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Future Release
Component:  Comments     |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  needs-patch  |     Focuses:
-------------------------+-----------------------------
Changes (by johnbillion):

 * keywords:  has-patch needs-refresh => needs-patch


Comment:

 As per the comments above, this needs to take into consideration
 persistent caching mechanisms which can cause an out-of-date nonce to be
 delivered to a new visitor, preventing them from being able to leave a
 comment.

 As also mentioned in the comments above, this affords no protection for
 anonymous users. If the nonce was only included and verified for logged-in
 users, then it would solve both issues.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/10975#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
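
The two points in the comment above can be reproduced with a simplified model of a time-windowed, per-user nonce. This is an added example, not code from the ticket or from WordPress; the secret, the action name, the users and the timestamps are constructed for illustration.

```python
import hashlib, hmac, math

SECRET = b"constructed-nonce-salt"  # constructed stand-in for the site's secret
LIFETIME = 86400                    # nonce lifetime in seconds (one day)
ACTION = "comment-form"             # hypothetical action name
ANON = (0, "")                      # every logged-out visitor: uid 0, no session token

def _mac(tick, uid, token):
    msg = f"{tick}|{ACTION}|{uid}|{token}".encode()
    return hmac.new(SECRET, msg, hashlib.md5).hexdigest()[-12:-2]

def tick(now):
    # Time is bucketed into half-lifetime windows.
    return math.ceil(now / (LIFETIME / 2))

def make_nonce(user, now):
    return _mac(tick(now), *user)

def verify_nonce(nonce, user, now):
    # Only the current and the previous window are accepted.
    return any(hmac.compare_digest(_mac(tick(now) - age, *user), nonce)
               for age in (0, 1))

def render_form(user, now, logged_in_only):
    """Nonce placed in the form, or None when the field is omitted."""
    if logged_in_only and user == ANON:
        return None
    return make_nonce(user, now)

def accept_comment(user, nonce, now, logged_in_only):
    if logged_in_only and user == ANON:
        return True  # no nonce expected from logged-out visitors
    return nonce is not None and verify_nonce(nonce, user, now)

def demo():
    t0 = 1441897718                 # constructed render time
    later = t0 + 2 * LIFETIME       # cached copy served two days later
    alice, bob = (7, "session-a"), (8, "session-b")  # constructed users
    return {
        # A page cache hands the old form to a new logged-out visitor.
        "stale_cache_all_users": accept_comment(
            ANON, render_form(ANON, t0, False), later, False),
        "stale_cache_logged_in_only": accept_comment(
            ANON, render_form(ANON, t0, True), later, True),
        # Alice's nonce is bound to her uid and session, so it fails for Bob.
        "alice_nonce_for_bob": accept_comment(
            bob, render_form(alice, t0, True), t0, True),
        "alice_nonce_for_alice": accept_comment(
            alice, render_form(alice, t0, True), t0 + 3600, True),
    }

if __name__ == "__main__":
    print(demo())
```

Because `ANON` is the same pair for every logged-out visitor, the value the form carries for them is identical across visitors within a window, which is why it binds nothing to an individual session.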

