[wp-trac] [WordPress Trac] #37266: AJAX uploads fail to complete successfully when a cookie named "action" exists

WordPress Trac noreply at wordpress.org
Fri Apr 19 21:01:39 UTC 2019 

#37266: AJAX uploads fail to complete successfully when a cookie named "action"
exists
----------------------------+----------------------
 Reporter:  pembo13         |       Owner:  (none)
     Type:  defect (bug)    |      Status:  closed
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:  4.5.3
 Severity:  normal          |  Resolution:  invalid
 Keywords:                  |     Focuses:
----------------------------+----------------------
Changes (by desrosj):

 * status:  new => closed
 * resolution:   => invalid
 * milestone:  Awaiting Review =>


Old description:

> When a user has a cookie named "action", AJAX uploads to `/wp-admin
> /async-upload.php` fail to define `DOING_AJAX` because the check
> `'upload-attachment' === $_REQUEST['action']` since $_REQUEST includes
> $_COOKIES.
>
> As a result, calling `wp_die()` at the end of
> `wp_ajax_upload_attachment()` results in the standard Wordpress error
> HTML being appended to the response, and an HTTP 500 error code being
> returned.
>
> I'm currently seeing this being triggered by the "Calls To Action"
> plugin. See http://support.inboundnow.com/support/topic/calls-to-action-
> breaking-wordpress-image-upload/
>
> This probably affects all versions of Wordpress.

New description:

 When a user has a cookie named "action", AJAX uploads to `/wp-admin/async-
 upload.php` fail to define `DOING_AJAX` because the check `'upload-
 attachment' === $_REQUEST['action']` since $_REQUEST includes $_COOKIES.

 As a result, calling `wp_die()` at the end of
 `wp_ajax_upload_attachment()` results in the standard WordPress error HTML
 being appended to the response, and an HTTP 500 error code being returned.

 I'm currently seeing this being triggered by the "Calls To Action" plugin.
 See http://support.inboundnow.com/support/topic/calls-to-action-breaking-
 wordpress-image-upload/

 This probably affects all versions of Wordpress.

--

Comment:

 Hi @pembo13,

 My apologies that it took so long to receive a response to this ticket.

 This seems like an issue with the Calls to Action plugin WordPress Core
 can't account for plugins overwriting variables with the same names. If I
 am misinterpreting the issue, feel free to reopen with more details and
 some code to demonstrate the issue.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/37266#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list