[wp-testers] Deleting a draft in RC1 returns a 500 response

Mark Jaquith mark.wordpress at txfx.net
Sat Sep 22 07:17:51 GMT 2007 

On Sep 22, 2007, at 2:23 AM, Travis Snoozy wrote:

> The issue is that the Javascript "are you really, -really- sure?"
> dialog didn't get shown (I assume it tacks another nonce onto the
> querystring; I haven't looked). This isn't an error, insofar as the
> user getting tricked into clicking an external link that nukes a page
> (which is what the nonce is -supposed- to be used to prevent), but
> rather it's an abuse of the nonce to force an "are you sure" screen.
> This behavior is inconsistent, since you can delete a post just fine
> with one click from the management page.

I agree, 100%.  The nonce screen should not be seen in normal  
operation -- even with JavaScript turned off.

> I'm not to thrilled with getting a 500 from an event that's totally
> normal in regular usage when you have JS turned off (and even less
> thrilled about changing my automation so that 500 is "okay" to have
> come back). That said, a -real- nonce failure is an error, and I'll
> concede that it does deserve a 500. So, I'd say that either separate
> "are you sure" functionality should be put in here, or the offending
> nonce removed. At this point in the game, I'd vote for the latter,
> since the management page already has one-click delete.

Agreed.  The fix requires that we change the delete button into a  
link that does the deletion via a GET request.  Unfortunately we're  
less than 2 days away from 2.3's release.  It's not a critical bug,  
and because it requires CSS changes, we would need more time to let  
users of various browsers test it out.

I've opened a ticket for this issue (with a potential patch), and  
will take a look at the issue for 2.4  For 2.4 we are also going to  
be looking at eliminating a lot of JS "Are you sure?" prompts and  
moving to "You just did X.  Undo?" style.

http://trac.wordpress.org/ticket/5045

--
Mark Jaquith
http://markjaquith.com/

Covered Web Services
http://coveredwebservices.com/

WordPress Ninja @ b5media Inc
http://b5media.com/

More information about the wp-testers mailing list