[wp-trac] [WordPress Trac] #19068: admin comment search never resets URL, grows infinitely
WordPress Trac
wp-trac at lists.automattic.com
Thu Oct 27 15:23:49 UTC 2011
#19068: admin comment search never resets URL, grows infinitely
----------------------------+-----------------------------
Reporter: _ck_ | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 3.2.1
Severity: normal | Keywords:
----------------------------+-----------------------------
When searching from {{{ /wp-admin/edit-comments.php }}}
the URL will grow infinitely and never reset to its base.
To reproduce this bug, simply search comments several times and then
examine the resulting URL (by copying it to an editor). It will be over
1000 characters easily, because it's simply appending the previous
searches and previous nonces for no useful reason.
Instead the form should just use {{{ /wp-admin/edit-comments.php }}} as
its submit base.
But that form should not be using GET in the first place.
Allowing overly long URLs is also a security problem as it can give a
window for XSS attacks.
I wouldn't be surprised if this design flaw exists in other parts of WP
admin but I'll leave that up to someone else who has more patience.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19068>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
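The URL growth the ticket describes, modelled here as an added example in Python (not WordPress code). It assumes the search form's nonce field also emits a hidden `_wp_http_referer` input carrying the current request URI, which is the default behaviour of WordPress's wp_nonce_field(); the search terms and nonces are constructed values.

```python
from typing import Callable, List, Optional
from urllib.parse import urlencode, urlsplit, parse_qs

BASE_PATH = "/wp-admin/edit-comments.php"

def search_appending_referer(current_url: str, term: str, nonce: str) -> str:
    """Models the reported behaviour (assumed cause): the GET form carries a
    _wp_http_referer field holding the current request URI. The previous URL,
    already containing its own nested referer, is percent-encoded into the new
    query string, so each search makes the URL longer and it never resets."""
    fields = [("s", term), ("_wpnonce", nonce), ("_wp_http_referer", current_url)]
    return f"{BASE_PATH}?{urlencode(fields)}"

def search_reset_to_base(current_url: str, term: str, nonce: str) -> str:
    """Fix suggested in the ticket: submit only the current search term and
    nonce against the bare base path; current_url is deliberately ignored."""
    fields = [("s", term), ("_wpnonce", nonce)]
    return f"{BASE_PATH}?{urlencode(fields)}"

def run_searches(submit: Callable[[str, str, str], str], count: int) -> List[str]:
    """Simulate `count` consecutive searches, each submitted from the page the
    previous search produced. Terms and nonces are constructed values."""
    urls, url = [], BASE_PATH
    for i in range(count):
        url = submit(url, f"term{i}", f"nonce{i:04d}")
        urls.append(url)
    return urls

def previous_referer(url: str) -> Optional[str]:
    """Return the _wp_http_referer carried in url, if any (exposes the nesting)."""
    return parse_qs(urlsplit(url).query).get("_wp_http_referer", [None])[0]

def exceeds_limit(url: str, limit: int = 1000) -> bool:
    """Defensive length check a handler could apply before acting on a request URI."""
    return len(url) > limit

if __name__ == "__main__":
    for label, submit in (("appending", search_appending_referer),
                          ("reset", search_reset_to_base)):
        print(label, [len(u) for u in run_searches(submit, 10)])
```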