[buddypress-trac] [BuddyPress] #3310: Nonce Checks Failing for Private Groups
buddypress-trac at lists.automattic.com
Wed Jun 29 22:33:03 UTC 2011
#3310: Nonce Checks Failing for Private Groups
-----------------------------+-----------------------------
Reporter: Iridox | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Groups | Version: 1.2.8
Keywords: nonce, security |
-----------------------------+-----------------------------
Running BuddyPress 1.2.8 on WordPress 3.1.4

'''Expected behavior''': Clicking an action such as accepting a join
request or promoting a member to admin status should complete successfully.

'''The Result''': Nonce check fails and WordPress returns a "Failure
Notice" with a "try again" link.

I can reproduce this on a completely fresh copy of WordPress and
BuddyPress (same versions as above).

When I removed the check_admin_referer() calls in bp-groups.php, expected
behavior resumed, but I assume I just killed the security feature
entirely.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/3310>
BuddyPress <http://buddypress.org/>