[wp-trac] [WordPress Trac] #43611: Duplicate _ajax_nonce input cause conflict between find_post_div and post_custom_div

Thu Mar 22 18:39:20 UTC 2018

#43611: Duplicate _ajax_nonce input cause conflict between find_post_div and
post_custom_div
-----------------------------+-----------------------------
 Reporter:  charlesstpierre  |      Owner:
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Administration   |    Version:  4.9.4
 Severity:  normal           |   Keywords:
  Focuses:  administration   |
-----------------------------+-----------------------------
 I ran into the error today. Here is the situation

 On Post edit page, I’ve added the FindPost functionality. I’ve included
 find_posts_div using the admin_footer hook, as normal. It is added to 2
 custom post types without custom-fields support and to the regular Post
 post type.

 It worked flawlessly on both custom post types, but the ajax call to get
 the post list from inside the Post edit page, sent back a 403. I’ve
 isolated the problem to the _ajax_nonce value, which was different from
 the 2 others post types.

 After checking the source of the admin page, I saw that there was 2
 _ajax_nonce fields, and that the value sent to Find-Posts query was the
 _ajax_nonce from the Custom-Post-field.

 More over, I’ve checked and both _ajax_nonce inputs share the same ID
 (_ajax_nonce). Poor media.js can’t find the right one on line 107.

 So, they must be differentiated. Easiest fix would be to change the ID of
 the _ajax_nonce input in FindPostDiv.

 Further more, the Post Custom div interface creates duplicate #_ajax_nonce
 for each custom fields (at least with the same value). Feel free to create
 another ticket for this.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43611>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform