[wp-trac] [WordPress Trac] #52600: wp_nonce_ays('log-out') is confusing

WordPress Trac noreply at wordpress.org
Mon Nov 8 18:56:30 UTC 2021


#52600: wp_nonce_ays('log-out') is confusing
------------------------------------+---------------------
 Reporter:  david.kryzaniak         |       Owner:  (none)
     Type:  enhancement             |      Status:  new
 Priority:  normal                  |   Milestone:  5.9
Component:  Login and Registration  |     Version:
 Severity:  normal                  |  Resolution:
 Keywords:  has-patch dev-feedback  |     Focuses:
------------------------------------+---------------------

Comment (by hellofromTonya):

 The attempt to logout messaging makes sense to me. +1 improvement

 What about the response code? Should an attempt to log out that lands on
 that page be a 403 or 200?

 Some history:
 * Prior to 2.9, the response code was 500 (Internal Server Error), i.e.
 the default in `wp_die()`.
 * Then in #11289 [12309], the response code was changed to 403
 (Forbidden).

 Expired link makes sense as a 403. What about when attempting to logout
 and landing on an are you sure page?

 @peterwilsoncc What do you think?

 Code Review notes:
 * I'd suggest being intentional with the double assignment by changing
 `$title = $html = sprintf(` to `$title = $html;` just below where `$html`
 is assigned.
 * Alignment of variable assignments

 Other than that, the code itself looks good.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52600#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list