[wp-trac] [WordPress Trac] #19068: admin comment search never resets URL, grows infinitely

WordPress Trac wp-trac at lists.automattic.com
Thu Oct 27 15:23:49 UTC 2011

#19068: admin comment search never resets URL, grows infinitely
 Reporter:  _ck_            |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Administration  |    Version:  3.2.1
 Severity:  normal          |   Keywords:
 When searching from {{{ /wp-admin/edit-comments.php }}}
 the URL will grow infinitely and never reset to it's base.

 To reproduce this bug, simply search comments several times and then
 examine the resulting URL )by copying it to an editor). It will be over
 1000 characters easily, because it's simply appending the previous
 searches and previous nonces for no useful reason.

 Instead the form should just use {{{ /wp-admin/edit-comments.php }}} as
 it's submit base.

 But that form should not be using GET in the first place.

 Allowing overly long URLs is also a security problem as it can give a
 window for XSS attacks.

 I wouldn't be surprised if this design flaw exists in other parts of WP
 admin but I'll leave that up to someone else who has more patience.

Ticket URL: <http://core.trac.wordpress.org/ticket/19068>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list