[buddypress-trac] [BuddyPress] #3310: Nonce Checks Failing for Private Groups

buddypress-trac at lists.automattic.com
Wed Jun 29 22:33:03 UTC 2011


#3310: Nonce Checks Failing for Private Groups
-----------------------------+-----------------------------
 Reporter:  Iridox           |      Owner:
     Type:  defect           |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Groups           |    Version:  1.2.8
 Keywords:  nonce, security  |
-----------------------------+-----------------------------
 Running BuddyPress 1.2.8 on WordPress 3.1.4

 '''Expected behavior''': Clicking an action such as accepting a join
 request or promoting a member to admin status completes successfully.

 '''The Result''': Nonce check fails and WordPress returns a "Failure
 Notice" with a "try again" link.

 I can reproduce this on a completely fresh copy of WordPress and
 BuddyPress (same versions as above).

 When I removed the check_admin_referer() calls in bp-groups.php, expected
 behavior resumed, but I assume I just killed the security feature
 entirely.

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/3310>
BuddyPress <http://buddypress.org/>