[buddypress-trac] [BuddyPress Trac] #7622: bp_message_notice_delete_link uses wrong action for nonce generation
    buddypress-trac 
    noreply at wordpress.org
       
    Wed Nov 29 14:08:17 UTC 2017
    
    
  
#7622: bp_message_notice_delete_link uses wrong action for nonce generation
--------------------------+----------------------------------
 Reporter:  tobiashonold  |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Under Consideration
Component:  Messages      |     Version:
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+----------------------------------
Changes (by tobiashonold):
 * keywords:  reporter-feedback =>
Comment:
 2.9.2.
 The check is in the file buddypress/bp-messages/bp-messages-actions.php in
 line 160, inside the bp_messages_action_edit_notice function
 {{{#!php
 check_admin_referer( "messages_{$action}_notice" );
 }}}
 The $action in this case is delete of course. Here it fails if the notice
 delete button nonce gets created with 'messages_delete_thread' as action.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7622#comment:2>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
    
    
More information about the buddypress-trac
mailing list