[wp-trac] [WordPress Trac] #20770: Introduce AJAX response message
WordPress Trac
wp-trac at lists.automattic.com
Wed May 30 00:36:27 UTC 2012
#20770: Introduce AJAX response message
-------------------------------------------------+-------------------------
 Reporter:  alexvorn2                            |       Owner:
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting Review
Component:  Widgets                              |     Version:
 Severity:  minor                                |  Resolution:
 Keywords:  2nd-opinion has-patch ui-feedback    |
            ux-feedback                          |
-------------------------------------------------+-------------------------
Comment (by nacin):
check_ajax_referer() can fail due to a bad nonce. Nonces are only good for
up to 24 hours, but a logged-in cookie is good for two days (14 if you
check 'Remember Me').

On post.php, we refresh the nonce automatically if it is in the second
half of its life. We don't, as far as I know, on widgets.php.

If the nonce check fails, no amount of logging in will help them, as they
still don't have a valid nonce on that page. The page would need to be
refreshed. So while checking for "-1" won't help, there is still the
possibility of an error condition.

Due to the nature of widgets.php, we probably should be cycling the nonce
in the 12 final hours of its validity.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20770#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
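
The lifetime behaviour described in the comment above, as an added example that is not part of the original message and is not WordPress's own code: a simplified model of a tick-based nonce in which one tick is half of the 24-hour lifetime, verification reports which half the nonce is in, and a handler hands back a fresh nonce during the second half. All `demo_` names, the secret, the action name and the timestamp are assumptions constructed for illustration.

```php
<?php
// Simplified model of a tick-based nonce. Every demo_ name is hypothetical;
// the secret, action name and timestamp are constructed sample values.
const DEMO_NONCE_LIFE = 86400;                  // 24 hours, as stated in the comment
const DEMO_SECRET     = 'constructed-sample-secret';

// One tick lasts half the nonce lifetime (12 hours).
function demo_tick(int $now): int {
    return (int) ceil($now / (DEMO_NONCE_LIFE / 2));
}

// The nonce is bound to a tick, an action and a user id.
function demo_hash(int $tick, string $action, int $uid): string {
    return substr(hash_hmac('sha256', "$tick|$action|$uid", DEMO_SECRET), -12, 10);
}

function demo_create_nonce(string $action, int $uid, int $now): string {
    return demo_hash(demo_tick($now), $action, $uid);
}

// Returns 1 (first half of life), 2 (second half) or false (expired or invalid).
function demo_verify_nonce(string $nonce, string $action, int $uid, int $now) {
    $tick = demo_tick($now);
    if (hash_equals(demo_hash($tick, $action, $uid), $nonce)) {
        return 1;
    }
    if (hash_equals(demo_hash($tick - 1, $action, $uid), $nonce)) {
        return 2;
    }
    return false;
}

// What an AJAX handler could send back: an explicit error the page can show,
// or a replacement nonce once the presented one is in its final 12 hours.
function demo_handle_request(string $nonce, string $action, int $uid, int $now): array {
    $half = demo_verify_nonce($nonce, $action, $uid, $now);
    if ($half === false) {
        return ['ok' => false, 'error' => 'nonce_expired', 'hint' => 'reload the page'];
    }
    return $half === 2
        ? ['ok' => true, 'new_nonce' => demo_create_nonce($action, $uid, $now)]
        : ['ok' => true];
}

$issued = 1338336060;  // constructed timestamp, one minute into a tick
$nonce  = demo_create_nonce('demo-save-widgets', 7, $issued);
foreach ([1, 13, 25] as $hours) {
    $reply = demo_handle_request($nonce, 'demo-save-widgets', 7, $issued + $hours * 3600);
    echo "+{$hours}h: " . json_encode($reply) . "\n";
}
```

Because validity is counted in ticks rather than from the moment of issue, a nonce created late in a tick expires sooner than 24 hours after it was issued, which is why the comment says "up to" 24 hours.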