[buddypress-trac] [BuddyPress Trac] #7622: bp_message_notice_delete_link uses wrong action for nonce generation
buddypress-trac
noreply at wordpress.org
Wed Nov 29 14:08:17 UTC 2017
#7622: bp_message_notice_delete_link uses wrong action for nonce generation
--------------------------+----------------------------------
Reporter: tobiashonold | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Under Consideration
Component: Messages | Version:
Severity: normal | Resolution:
Keywords: |
--------------------------+----------------------------------
Changes (by tobiashonold):
* keywords: reporter-feedback =>
Comment:
2.9.2.
The check is in the file buddypress/bp-messages/bp-messages-actions.php in
line 160, inside the bp_messages_action_edit_notice function:
{{{#!php
check_admin_referer( "messages_{$action}_notice" );
}}}
The $action in this case is delete of course. Here it fails if the notice
delete button nonce gets created with 'messages_delete_thread' as action.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7622#comment:2>
BuddyPress Trac <http://buddypress.org/>
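
Added example, not part of the original ticket or of BuddyPress: a simplified stand-alone model of an action-bound nonce, showing why a link nonce created for 'messages_delete_thread' fails a check for "messages_{$action}_notice". The demo_* functions, the key and the user id are hypothetical, and the HMAC construction is a simplification, not the WordPress implementation.

```php
<?php
// Simplified model of an action-bound nonce (assumption: HMAC over
// tick|action|user id, truncated). Not the WordPress source.
const DEMO_KEY = 'constructed-demo-secret'; // stands in for the site's nonce salt

function demo_tick(): int {
    // Nonces are valid for a time window; model it as 12-hour ticks.
    return (int) ceil(time() / (86400 / 2));
}

function demo_create_nonce(string $action, int $uid, ?int $tick = null): string {
    $tick = $tick ?? demo_tick();
    return substr(hash_hmac('sha256', "$tick|$action|$uid", DEMO_KEY), -12, 10);
}

function demo_verify_nonce(string $nonce, string $action, int $uid): bool {
    // Accept the current and the previous tick; the action string must match
    // exactly, because it is part of the authenticated data.
    foreach ([demo_tick(), demo_tick() - 1] as $tick) {
        if (hash_equals(demo_create_nonce($action, $uid, $tick), $nonce)) {
            return true;
        }
    }
    return false;
}

$uid      = 1;                            // constructed sample user id
$action   = 'delete';
$expected = "messages_{$action}_notice";  // action string the handler checks

// Link built with the thread action, as described in the ticket.
$mismatched = demo_create_nonce('messages_delete_thread', $uid);
// Link built with the same action string the handler checks.
$matching   = demo_create_nonce($expected, $uid);

printf("thread-action nonce accepted: %s\n",
    var_export(demo_verify_nonce($mismatched, $expected, $uid), true));
printf("notice-action nonce accepted: %s\n",
    var_export(demo_verify_nonce($matching, $expected, $uid), true));
```

The same user and time window are used for both nonces, so the only difference between the accepted and rejected value is the action string.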