[wp-trac] [WordPress Trac] #36954: Cancelling an admin email address change on Multisite lacks a nonce
WordPress Trac
noreply at wordpress.org
Sat Jun 18 02:23:28 UTC 2016
#36954: Cancelling an admin email address change on Multisite lacks a nonce
----------------------------------------+------------------------------
Reporter: johnbillion | Owner:
Type: defect (bug) | Status: new
Priority: lowest | Milestone: Awaiting Review
Component: Administration | Version:
Severity: minor | Resolution:
Keywords: needs-patch good-first-bug | Focuses: multisite
----------------------------------------+------------------------------
Comment (by scottbasgaard):
>The change of admin email address on a site in Multisite requires the
link in a confirmation email to be clicked before it's activated. The
"Cancel" link shown next to the "Email Address" field on the General
Settings screen during that process lacks a nonce.
Nice find @johnbillion, gave it a quick go.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36954#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list