[wp-trac] [WordPress Trac] #11953: wp_nonce_field() does not pass the result of wp_referer_field()
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 19 21:48:43 UTC 2010
#11953: wp_nonce_field() does not pass the result of wp_referer_field()
--------------------------+-------------------------------------------------
Reporter: webduo | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Security | Version: 2.9.1
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
When using `wp_nonce_field` in "no echo mode" ($echo argument is set to
false) and with the $referer variable set to true (which is the default)
the result of `wp_referer_field` function is not added to $nonce_field
which is returned at the end of `wp_nonce_field`.
I'd expect `wp_nonce_field` to return the same content that it echoes, but
now it outputs two fields and passes just one (without the referer field).
So:
{{{
#!php
wp_nonce_field('some-action-name');
}}}
results in something like
{{{
#!text/html
<input type="hidden" id="_wpnonce" name="_wpnonce" value="123456789a" />
<input type="hidden" name="_wp_http_referer" value="/wp-admin/options-general.php?page=some-action-name" />
}}}
where
{{{
#!php
wp_nonce_field('some-action-name', '_wpnonce', true, false);
}}}
returns only
{{{
#!text/html
<input type="hidden" id="_wpnonce" name="_wpnonce" value="123456789a" />
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11953>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
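
The mismatch described in the ticket, as an added example that is not part of the original report and is not WordPress's own code: the `demo_*` functions are hypothetical stand-ins that model the reported and the expected behaviour, and the nonce value and referer URI are the sample values from the ticket. The harness compares what each variant echoes with what it returns in "no echo" mode.

```php
<?php
// Added example: stand-in functions, not WordPress core code.
// All demo_* names are hypothetical; the nonce value and URI are sample values.

function demo_referer_field($echo = true) {
    $uri   = '/wp-admin/options-general.php?page=some-action-name';
    $field = '<input type="hidden" name="_wp_http_referer" value="'
           . htmlspecialchars($uri, ENT_QUOTES) . '" />';
    if ($echo) {
        echo $field;
    }
    return $field;
}

// Behaviour as reported: the referer field is echoed (or silently dropped),
// but never appended to the string that is returned.
function demo_nonce_field_reported($action, $name = '_wpnonce', $referer = true, $echo = true) {
    $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="123456789a" />';
    if ($echo) {
        echo $nonce_field;
    }
    if ($referer) {
        demo_referer_field($echo);
    }
    return $nonce_field;
}

// Expected behaviour: build the complete markup first, then echo and return it.
function demo_nonce_field_expected($action, $name = '_wpnonce', $referer = true, $echo = true) {
    $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="123456789a" />';
    if ($referer) {
        $nonce_field .= demo_referer_field(false);
    }
    if ($echo) {
        echo $nonce_field;
    }
    return $nonce_field;
}

// Capture the echoed markup, then fetch the returned markup in "no echo" mode.
function echoed_vs_returned($fn) {
    ob_start();
    $fn('some-action-name');
    $echoed   = ob_get_clean();
    $returned = $fn('some-action-name', '_wpnonce', true, false);
    return array($echoed, $returned);
}

foreach (array('demo_nonce_field_reported', 'demo_nonce_field_expected') as $fn) {
    list($echoed, $returned) = echoed_vs_returned($fn);
    printf("%s: echoed and returned markup %s\n", $fn, $echoed === $returned ? 'match' : 'differ');
}
```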