[wp-trac] [WordPress Trac] #51530: wp_nonce_field may render inputs with the same id attributes
WordPress Trac
noreply at wordpress.org
Thu Oct 15 10:34:46 UTC 2020
#51530: wp_nonce_field may render inputs with the same id attributes
-----------------------------+-----------------------------
Reporter: Anton Korotkoff | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.5.1
Severity: normal | Keywords: has-patch
Focuses: |
-----------------------------+-----------------------------
The $name arg is being used as an ID attribute for the hidden input.
That's why it is possible that wp_nonce_field renders inputs with the same
IDs, which is not valid in terms of HTML.
The attached patch has this fixed by including the actual nonce value into
the ID value concatenated with the name.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51530>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list