[wp-trac] [WordPress Trac] #24063: Introduce some more _doing_it_wrong() calls in nonce functions
WordPress Trac
noreply at wordpress.org
Sat Feb 22 05:50:29 UTC 2014
#24063: Introduce some more _doing_it_wrong() calls in nonce functions
-------------------------+------------------------------
Reporter: johnbillion | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.2
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
-------------------------+------------------------------
Comment (by SergeyBiryukov):
Replying to [ticket:24063 johnbillion]:
> `check_ajax_referer()` should also behave the same as
> `check_admin_referer()` but I'm not sure if potentially raising notices in
> AJAX calls is a good idea.
FWIW, I don't think it's a good idea.
Also, `wp_nonce_url()` is used directly in `href` attributes, so the
notice would result in a badly broken link:
{{{
<a href="<br />
<b>Notice</b>: wp_nonce_url was called <strong>incorrectly</strong>. You
should specify a nonce action as the second parameter. Please see <a
href="http://codex.wordpress.org/Debugging_in_WordPress">Debugging in
WordPress</a> for more information. (This message was added in version
3.9.) in <b>wp-includes/functions.php</b> on line <b>3069</b><br />
index.php?_wpnonce=dedea08d5f">Link text</a>
}}}
Which is displayed like this:
[/%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20wp_nonce_url%20was%20called%20%3Cstrong%3Eincorrectly%3C/strong%3E.%20You%20should%20specify%20a%20nonce%20action%20as%20the%20second%20parameter.%20Please%20see%20%3Ca%20href=
Debugging in WordPress] for more information. (This message was added in
version 3.9.) in '''wp-includes/functions.php''' on line '''3069'''
index.php?_wpnonce=dedea08d5f">Link text
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24063#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
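The breakage SergeyBiryukov describes comes from PHP writing the displayed notice into the output stream at the moment the function is called, which in a theme template is after `<a href="` has already been sent. The script below is an added illustration, not code from the ticket or from WordPress core: `doing_it_wrong_stub()` and `nonce_url_stub()` are hypothetical stand-ins that mimic `_doing_it_wrong()` raising an `E_USER_NOTICE` and a nonce URL helper that warns when no action is passed (the real `wp_nonce_url()` does not emit this notice). The nonce token is a constructed placeholder, not `wp_create_nonce()`. It renders the same fragment twice, once with notices displayed and once with them logged only, to show that the link is only corrupted when `display_errors` (WP_DEBUG_DISPLAY) is on.

```php
<?php
// Added example; not WordPress core code. Stand-ins let this run without WordPress.
error_reporting(E_ALL);

// Mimics what _doing_it_wrong() does when WP_DEBUG is on: raise an E_USER_NOTICE.
function doing_it_wrong_stub(string $function, string $message, string $version): void {
    trigger_error(
        sprintf('%s was called incorrectly. %s (This message was added in version %s.)',
            $function, $message, $version),
        E_USER_NOTICE
    );
}

// Hypothetical nonce URL helper that warns when no action is given (the change the ticket debates).
function nonce_url_stub(string $url, $action = -1, string $name = '_wpnonce'): string {
    if ($action === -1) {
        doing_it_wrong_stub('nonce_url_stub', 'You should specify a nonce action as the second parameter.', '3.9');
    }
    // Constructed placeholder token; real code would call wp_create_nonce().
    $token = substr(hash('sha256', $url . '|' . $action), 0, 10);
    return $url . (strpos($url, '?') === false ? '?' : '&') . $name . '=' . $token;
}

// Render a typical template fragment and capture everything PHP writes to the
// output layer, including displayed notices, i.e. what the browser would receive.
function render_link(bool $display_errors): string {
    $old = ini_set('display_errors', $display_errors ? '1' : '0');
    ob_start();
    echo '<a href="';                 // literal markup sent before the PHP call, as in a template
    echo nonce_url_stub('index.php'); // the notice fires here, in the middle of the attribute
    echo '">Link text</a>';
    $html = ob_get_clean();
    ini_set('display_errors', $old);
    return $html;
}

// True only if the captured output is exactly the expected anchor element.
function link_is_intact(string $html): bool {
    return preg_match('#^<a href="index\.php\?_wpnonce=[0-9a-f]{10}">Link text</a>$#', $html) === 1;
}

// Notices displayed (WP_DEBUG + WP_DEBUG_DISPLAY): the notice text lands inside href.
$broken = render_link(true);
// Notices logged only (production setting): the link is unaffected.
$intact = render_link(false);

echo 'display_errors=1 -> link intact? ' . var_export(link_is_intact($broken), true) . "\n"; // false
echo 'display_errors=0 -> link intact? ' . var_export(link_is_intact($intact), true) . "\n"; // true
echo "\nRendered with notices displayed:\n" . $broken . "\n";
```

On the CLI `html_errors` is forced off, so the interleaved notice appears as plain `Notice: ...` text rather than the `<br />` / `<b>` markup in the comment above, but the href is broken either way. The practical takeaway for a site operator is the same as for any notice-emitting API: keep `WP_DEBUG_DISPLAY` and `display_errors` off in production so diagnostics go to the error log rather than into the page.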