[buddypress-trac] [BuddyPress Trac] #8004: Multiple comment forms on activity stream lead to duplicated _wpnonce_new_activity_comment input ids
buddypress-trac
noreply at wordpress.org
Mon Nov 19 18:36:47 UTC 2018
#8004: Multiple comment forms on activity stream lead to duplicated
_wpnonce_new_activity_comment input ids
--------------------------+-----------------------------
Reporter: dcavins | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Activity | Version: 3.0.0
Severity: normal | Keywords: has-patch
--------------------------+-----------------------------
In the activity stream, we generate a comment form for each activity item
that could be commented upon. In both BP Legacy and BP Nouveau, we add a
nonce to each `<form>`, using the same key ,
`_wpnonce_new_activity_comment`, which results in an input like `<input
type="hidden" id="_wpnonce_new_activity_comment"
name="_wpnonce_new_activity_comment" value="d34c5f9ffe">`.
To make the IDs of these inputs unique (even though the values aren't),
I've added a new function to generate nonces with customizable IDs, and
changed the form-submit listener logic in Legacy and Nouveau so that the
correct input is selected. (We could also change the selectors to find the
input by name, like
`jQuery('input[name="_wpnonce_new_activity_comment"]')` if that seems
simpler. )
Thanks for your comments!
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8004>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list