[wp-trac] [WordPress Trac] #14336: Link attributes such as target and title disappear when replying to comments from Dashboard
WordPress Trac
wp-trac at lists.automattic.com
Sun Jan 16 01:14:42 UTC 2011
#14336: Link attributes such as target and title disappear when replying to
comments from Dashboard
-----------------------------------+-----------------------------
Reporter: iceflatline | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Comments | Version: 3.0
Severity: normal | Resolution:
Keywords: 3.2-early needs-patch |
-----------------------------------+-----------------------------
Changes (by mdawaffe):
* keywords: => 3.2-early needs-patch
* component: General => Comments
* milestone: Awaiting Review => Future Release
Comment:
Confirmed.
The unfiltered_html nonce is based on the post_id but is generated only
once both on the dashboard and on edit-comments.php.
Furthermore, on the dashboard, the post_id used is {{{0}}} since it's
pulled from the {{{global $post}}}.
This means the nonce check in admin-ajax.php fails and KSES is always
applied to comments.
See {{{wp_comment_form_unfiltered_html_nonce()}}} and
{{{$_POST['_wp_unfiltered_html_comment']}}}.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/14336#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list