[wp-trac] [WordPress Trac] #62617: Infinitive loop on API req in Block editor after wordpress_logged_in cookie is removed
WordPress Trac
noreply at wordpress.org
Mon Dec 2 04:21:20 UTC 2024
#62617: Infinitive loop on API req in Block editor after wordpress_logged_in cookie
is removed
-------------------------------------------------+-------------------------
 Reporter:  mustra                               |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting Review
Component:  Editor                               |     Version:  6.7.1
 Severity:  major                                |  Resolution:
 Keywords:  has-testing-info has-screenshots     |     Focuses:
            needs-patch                          |
-------------------------------------------------+-------------------------
Changes (by abcd95):

 * keywords:  => has-testing-info has-screenshots needs-patch

Comment:

 Hey @mustra, Welcome to Trac, and thanks for bringing this up.

 I can see where the issue is happening. When a `rest_cookie_invalid_nonce`
 error occurs, the code automatically tries to refresh the nonce and retry
 the request without checking if the cookie is actually present.

 I'll develop a fix to address this vulnerability.

 == Reproduction Report

 === Description
 This report validates the issue can be reproduced.

 === Environment
 - WordPress: 6.8-alpha-59366
 - PHP: 8.2.25
 - Server: Apache/2.4.62 (Debian)
 - Database: mysqli (Server: 11.4.3-MariaDB-ubu2404 / Client: mysqlnd 8.2.25)
 - Browser: Chrome 131.0.0.0
 - OS: macOS
 - Theme: Twenty Twenty-Five 1.0

 === Actual Results
 - ✅ Error condition occurs.

 === Supplemental Artifacts
 Screenshot:
 [[Image(https://i.postimg.cc/gJDffVGL/image.png)]]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62617#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
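
The retry behaviour described in the comment above, modelled as an added example; it is not WordPress code and not the fix from the ticket. The server stub, function names and nonce strings are constructed for illustration, and the guarded variant bounds the retry to one attempt rather than checking for the cookie.

```javascript
const INVALID_NONCE = 'rest_cookie_invalid_nonce';

// Constructed stand-in for a REST server. Assumption: with no login cookie,
// every nonce it issues is for a logged-out user, so API calls keep failing.
function makeServer({ loggedIn }) {
  const stats = { apiCalls: 0, nonceCalls: 0 };
  return {
    stats,
    async refreshNonce() {
      stats.nonceCalls += 1;
      return loggedIn ? 'fresh-nonce' : 'logged-out-nonce';
    },
    async api(nonce) {
      stats.apiCalls += 1;
      if (loggedIn && nonce === 'fresh-nonce') return { ok: true };
      const err = new Error('Cookie check failed');
      err.code = INVALID_NONCE;
      throw err;
    },
  };
}

// Pattern described in the comment: refresh and retry on every invalid-nonce
// error. `budget` exists only so that this simulation terminates.
async function unguardedRequest(server, nonce, budget) {
  try {
    return await server.api(nonce);
  } catch (err) {
    if (err.code !== INVALID_NONCE || budget <= 0) throw err;
    return unguardedRequest(server, await server.refreshNonce(), budget - 1);
  }
}

// Guarded variant: one refresh, one retry, then surface the error.
async function guardedRequest(server, nonce) {
  try {
    return await server.api(nonce);
  } catch (err) {
    if (err.code !== INVALID_NONCE) throw err;
    const fresh = await server.refreshNonce();
    if (fresh === nonce) throw err; // refresh changed nothing, retrying is pointless
    return server.api(fresh); // a second failure propagates with no further retry
  }
}
```

With the session gone, the unguarded version issues one API call and one nonce refresh per loop iteration until something outside it stops the loop, while the guarded version stops after two API calls and hands the error to the caller, which can then prompt for re-authentication.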