[buddypress-trac] [BuddyPress] #3861: BuddyPress Group admin functions consistently produce 403 Forbidden page errors.
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Fri Dec 16 18:09:05 UTC 2011
#3861: BuddyPress Group admin functions consistently produce 403 Forbidden page
errors.
-------------------------------+------------------------------
Reporter: gbellucci | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Groups | Version: 1.5.2
Severity: normal | Resolution:
Keywords: reporter-feedback |
-------------------------------+------------------------------
Changes (by boonebgorges):
* keywords: => reporter-feedback
Comment:
Thanks for the report.
I can't reproduce the issue, and I think that it can be traced back to a
reading of check_admin_referer().
http://core.trac.wordpress.org/browser/tags/3.3/wp-
includes/pluggable.php#L800
You're right about admin_url() in general. But we only compare against
$adminurl (line 807) if !$result, which is to say only if
$_REQUEST['_wpnonce'] is not set, or it doesn't pass the wp_verify_nonce()
check. In BP, we should always be passing a _wpnonce along with the form
submit (as you note in your report), so if you're having a problem it must
be that the wp_verify_nonce() check is failing. Could you try tracing that
function a bit?
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/3861#comment:1>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list