[wp-trac] [WordPress Trac] #10975: comment form nonce
WordPress Trac
noreply at wordpress.org
Thu Sep 10 15:08:38 UTC 2015
#10975: comment form nonce
-------------------------+-----------------------------
 Reporter:  tellyworth   |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Future Release
Component:  Comments     |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  needs-patch  |     Focuses:
-------------------------+-----------------------------
Changes (by johnbillion):

* keywords: has-patch needs-refresh => needs-patch

Comment:

As per the comments above, this needs to take into consideration
persistent caching mechanisms which can cause an out of date nonce to be
delivered to a new visitor, preventing them from being able to leave a
comment.

As also mentioned in the comments above, this affords no protection for
anonymous users. If the nonce was only included and verified for logged in
users, then it would solve both issues.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/10975#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
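
The approach proposed in the comment above, sketched as a small plugin. This is an added example, not WordPress core code or a patch from the ticket; the nonce action string and field name are hypothetical, and it assumes pages rendered for logged-in users are not served from a shared page cache.

```php
<?php
// Added illustration, not WordPress core code. The action string and the
// field name are hypothetical; the functions and hooks are WordPress APIs.
const EXAMPLE_COMMENT_NONCE_FIELD = '_example_comment_nonce';

// Bind the nonce to the post being commented on.
function example_comment_nonce_action( $post_id ) {
	return 'example-comment-on-post_' . (int) $post_id;
}

// Print the nonce inside the comment form for logged-in users only.
// Anonymous visitors get identical markup with no nonce in it, so a cached
// copy of the page can never hand them a stale token.
add_action( 'comment_form', function ( $post_id ) {
	if ( is_user_logged_in() ) {
		wp_nonce_field( example_comment_nonce_action( $post_id ), EXAMPLE_COMMENT_NONCE_FIELD, false );
	}
} );

// Verify before the comment is processed, again only for logged-in users.
add_action( 'pre_comment_on_post', function ( $comment_post_id ) {
	if ( ! is_user_logged_in() ) {
		return; // No nonce was issued to this visitor, so there is nothing to check.
	}

	$nonce = isset( $_POST[ EXAMPLE_COMMENT_NONCE_FIELD ] )
		? sanitize_text_field( wp_unslash( $_POST[ EXAMPLE_COMMENT_NONCE_FIELD ] ) )
		: '';

	// A missing, expired or mismatched nonce stops the submission.
	if ( ! wp_verify_nonce( $nonce, example_comment_nonce_action( $comment_post_id ) ) ) {
		wp_die(
			esc_html__( 'Your session token has expired. Please reload the page and submit the comment again.' ),
			'',
			array( 'response' => 403, 'back_link' => true )
		);
	}
} );
```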