[wp-trac] [WordPress Trac] #5045: "Delete Post" / "Delete Draft"
without JavaScript abuses nonce protection
WordPress Trac
wp-trac at lists.automattic.com
Sat Sep 22 06:46:40 GMT 2007
#5045: "Delete Post" / "Delete Draft" without JavaScript abuses nonce protection
-------------------------+--------------------------------------------------
Reporter: markjaquith | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.4
Component: General | Version: 2.3
Severity: normal | Keywords:
-------------------------+--------------------------------------------------
If the "Delete Post" / "Delete Draft" button is clicked without JavaScript
enabled (on the Write screen), a nonce error page is presented. This is
an abuse of the nonce functionality (which is there for anti-CSRF).
--
Ticket URL: <http://trac.wordpress.org/ticket/5045>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list