[buddypress-trac] [BuddyPress Trac] #7622: bp_message_notice_delete_link uses wrong action for nonce generation

buddypress-trac noreply at wordpress.org
Wed Nov 29 14:08:17 UTC 2017


#7622: bp_message_notice_delete_link uses wrong action for nonce generation
--------------------------+----------------------------------
 Reporter:  tobiashonold  |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Under Consideration
Component:  Messages      |     Version:
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+----------------------------------
Changes (by tobiashonold):

 * keywords:  reporter-feedback =>


Comment:

 2.9.2.

 The check is in the file buddypress/bp-messages/bp-messages-actions.php in
 line 160, inside the bp_messages_action_edit_notice function
 {{{#!php
 check_admin_referer( "messages_{$action}_notice" );
 }}}
 The $action in this case is delete of course. Here it fails if the notice
 delete button nonce gets created with 'messages_delete_thread' as action.

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7622#comment:2>
BuddyPress Trac <http://buddypress.org/>
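The mismatch described in the comment above, as an added example that is not BuddyPress or WordPress code: a simplified model of an action-bound nonce, showing why a token issued for 'messages_delete_thread' fails a check against "messages_{$action}_notice". The demo_* function names, the secret and the user id are constructed for illustration.

```php
<?php
// Simplified model of an action-bound nonce (not WordPress core code).
// The secret, user id and demo_* names are constructed for illustration.
const DEMO_SECRET = 'constructed-demo-secret';

// The token is an HMAC over the time tick, the action string and the user id,
// so it is only valid for the exact action it was created for.
function demo_create_nonce(string $action, int $uid, ?int $tick = null): string {
    $tick = $tick ?? (int) ceil(time() / 43200); // 12-hour tick
    return substr(hash_hmac('sha256', "$tick|$action|$uid", DEMO_SECRET), -12, 10);
}

// Accept the current and the previous tick; compare in constant time.
function demo_verify_nonce(string $nonce, string $action, int $uid): bool {
    $tick = (int) ceil(time() / 43200);
    foreach ([$tick, $tick - 1] as $t) {
        if (hash_equals(demo_create_nonce($action, $uid, $t), $nonce)) {
            return true;
        }
    }
    return false;
}

// Handler side, as quoted in the ticket: the expected action is built from $action.
function demo_handle_notice_request(string $action, string $nonce, int $uid): string {
    $expected = "messages_{$action}_notice";
    return demo_verify_nonce($nonce, $expected, $uid)
        ? "ok: {$expected} accepted"
        : "rejected: nonce was not issued for {$expected}";
}

$uid = 1;

// Link side as reported: the nonce is created for the thread action.
$mismatched = demo_create_nonce('messages_delete_thread', $uid);
echo demo_handle_notice_request('delete', $mismatched, $uid), PHP_EOL;

// Link side using the same action string the handler checks.
$matching = demo_create_nonce('messages_delete_notice', $uid);
echo demo_handle_notice_request('delete', $matching, $uid), PHP_EOL;
```

The check fails closed here: the wrong action string breaks the delete link rather than weakening the CSRF protection, which is why the fix belongs on the link-generation side.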