[wp-trac] Re: [WordPress Trac] #2678: Nonces instead of referers

WordPress Trac wp-trac at lists.automattic.com
Thu May 18 00:07:28 GMT 2006

#2678: Nonces instead of referers
       Id:  2678            |      Status:  new                     
Component:  Administration  |    Modified:  Thu May 18 00:07:28 2006
 Severity:  normal          |   Milestone:                          
 Priority:  normal          |     Version:  2.1                     
    Owner:  anonymous       |    Reporter:  ringmaster              
Comment (by mdawaffe):

 Currently, category deletion from Manage->Categories and post deletion
 from post.php fail the nonce check.  Deleting posts is particularly
 annying since the user is sent through both the JS confirmation and the
 check_admin_ref confirmation.


  1. Nonces for category deletion from Manage->Categories.
  1. Nonces for post deletion from post.php.  Uses JS to update the
 _wpnonce field if the button is pressed and the JS confirmation dialog is
 approved.  If the user does not have JS capabilities, the nonce will fail
 and they will have to go through the check_admin_ref confirmation.  Either
 way, the user will see one (and only one) confirmation for post deletion

Ticket URL: <http://trac.wordpress.org/ticket/2678>
WordPress Trac <http://wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list