[wp-trac] [WordPress Trac] #54106: wp_nonce_field in get forms
WordPress Trac
noreply at wordpress.org
Fri Sep 10 08:34:01 UTC 2021
#54106: wp_nonce_field in get forms
-----------------------------------------+-----------------------------
Reporter: msolution | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: administration, performance |
-----------------------------------------+-----------------------------
Hey,
While testing one of the plugins, I came across this issue.
Recreate the issue:
1. Create an admin-side form with method=get.
2. Add wp_nonce_field() to the form, which in turn also gets
wp_referer_field().
3. Every time you submit, the hidden field _wp_http_referer gets an
additional version of _wp_http_referer in the value.
4. There comes a time when the form is huge and it won't submit.
Solution:
We should have remove_query_arg() inside the function wp_referer_field(),
to remove any instance of _wp_http_referer in the $_SERVER['REQUEST_URI'].
Hope this helps.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54106>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
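
The growth described in the ticket's steps and the effect of the proposed fix, as an added stand-alone PHP simulation that is not part of the original ticket and is not WordPress core code. The function names, the admin.php path, the page argument and the nonce value are constructed for illustration.

```php
<?php
// Stand-alone simulation; function names are hypothetical, not WordPress core.

// Referer value as the ticket describes it: the current request URI, unchanged.
function referer_value_raw(string $request_uri): string {
    return $request_uri;
}

// Referer value with the ticket's proposed fix: drop any _wp_http_referer
// argument from the request URI first (the role remove_query_arg() would play).
function referer_value_stripped(string $request_uri): string {
    $parts = explode('?', $request_uri, 2);
    if (count($parts) < 2) {
        return $request_uri;
    }
    parse_str($parts[1], $args);
    unset($args['_wp_http_referer']);
    return $args ? $parts[0] . '?' . http_build_query($args) : $parts[0];
}

// The URL a browser requests when a method=get form carrying these hidden
// fields is submitted (all values constructed).
function submit_get_form(string $action_path, string $referer_value): string {
    return $action_path . '?' . http_build_query([
        'page'             => 'example-plugin',
        '_wpnonce'         => 'constructed00',
        '_wp_http_referer' => $referer_value,
    ]);
}

// Submit the form repeatedly; each response re-renders the form using the
// URI of the request that produced it. Returns the URI length per round.
function simulate(callable $referer_fn, int $rounds): array {
    $uri = '/wp-admin/admin.php?page=example-plugin';
    $lengths = [];
    for ($i = 0; $i < $rounds; $i++) {
        $uri = submit_get_form('/wp-admin/admin.php', $referer_fn($uri));
        $lengths[] = strlen($uri);
    }
    return $lengths;
}

echo 'raw:      ', implode(', ', simulate('referer_value_raw', 8)), PHP_EOL;
echo 'stripped: ', implode(', ', simulate('referer_value_stripped', 8)), PHP_EOL;
```

In the raw case every round percent-encodes the previous URI again, so the length keeps climbing until the request exceeds what the server or browser accepts; with the argument stripped, the length is constant from the second submission on.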