[wp-trac] [WordPress Trac] #54106: wp_nonce_field in get forms
WordPress Trac
noreply at wordpress.org
Fri Oct 7 05:43:31 UTC 2022
#54106: wp_nonce_field in get forms
-------------------------------------------------+-------------------------
Reporter: msolution | Owner: pbearne
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 6.1
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-unit-tests has-patch has- | Focuses:
testing-info needs-testing | administration
-------------------------------------------------+-------------------------
Changes (by costdev):
* keywords: has-unit-tests has-patch needs-testing => has-unit-tests has-patch has-testing-info needs-testing
Comment:
== Test Report
Patch tested: https://github.com/WordPress/wordpress-develop/pull/2242
=== Steps to Reproduce or Test
1. Create a new file `wp-content/plugins/test_54106.php` with the
following contents:
{{{#!php
<?php
/**
 * Plugin Name: #54106
 * Description: Adds an admin notice to test <a href='https://core.trac.wordpress.org/ticket/54106'>54106</a>.
 * Author: WordPress Core Contributors
 * Author URI: https://make.wordpress.org/core
 * License: GPLv2 or later
 * Version: 1.0.0
 */

// Render a GET form containing the nonce and referer fields in an admin notice.
add_action(
	'admin_notices',
	function() {
		printf(
			'<div class="notice notice-info">%1$s%2$s<form method="GET">%3$s%4$s</form><br></div>',
			'<p><strong>Testing instructions:</strong><br>Click "Submit" and note the entry for <code>_wp_http_referer</code> in the URL each time.</p>',
			'<p><strong>Expected results:</strong><br>Without patch: <code>_wp_http_referer</code> is repeatedly appended to the URL.<br>With patch: <code>_wp_http_referer</code> is not repeatedly appended to the URL.</p>',
			// Returns the hidden _wpnonce and _wp_http_referer inputs.
			wp_nonce_field(),
			'<input type="submit">'
		);
	}
);
}}}
2. Navigate to `Dashboard`.
3. 🐞 Submit the form in the admin notice. Then submit it again. Repeat as
many times as you want to.
=== Expected Results
When reproducing a bug:
- ❌ `_wp_http_referer` will be added multiple times to the URL and the
hidden `_wp_http_referer` form field.
When testing a patch to validate it works as expected:
- ✅ `_wp_http_referer` will not be added multiple times to the URL and
the hidden `_wp_http_referer` form field.
=== Environment
* Server: Apache (Linux)
* WordPress: 6.1-beta2-54337-src
* Browser: Chrome 106.0.0.0
* OS: Windows 10
* Theme: Twenty Twenty-Two
* Plugins:
* Test #16502 1.0.0
=== Actual Results
When reproducing a bug:
- ❌ Issue reproduced. `_wp_http_referer` was added multiple times to the
URL and the hidden `_wp_http_referer` form field.
When testing a patch to validate it works as expected:
- ✅ Patch resolves the issue. `_wp_http_referer` was not added multiple
times to the URL and the hidden `_wp_http_referer` form field.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54106#comment:21>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
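
The growth described in the test report can be modelled without a WordPress install. This is an added sketch, not code from the ticket, the pull request, or WordPress core: every function name in it is a hypothetical stand-in, the nonce and starting URL are constructed, and the "strip" variant is one way to stop the growth, not a statement of what the patch does. It relies on the hidden `_wp_http_referer` field carrying the current request URI.

```php
<?php
// Added illustration; runs without WordPress. All function names below are
// hypothetical stand-ins, not WordPress core code.

// Value placed in the hidden referer field: the current request URI,
// optionally with any existing _wp_http_referer argument removed first.
function referer_field_value( string $request_uri, bool $strip_existing ): string {
	if ( ! $strip_existing ) {
		return $request_uri;
	}
	$parts = parse_url( $request_uri );
	parse_str( $parts['query'] ?? '', $args );
	unset( $args['_wp_http_referer'] );
	$query = http_build_query( $args );
	return $parts['path'] . ( '' !== $query ? '?' . $query : '' );
}

// Simulates a browser submitting a method="GET" form with no action attribute:
// the hidden fields become the query string of the next request to the same path.
function submit_get_form( string $request_uri, bool $strip_existing ): string {
	$fields = array(
		'_wpnonce'         => 'constructed-nonce', // Constructed sample value.
		'_wp_http_referer' => referer_field_value( $request_uri, $strip_existing ),
	);
	return parse_url( $request_uri, PHP_URL_PATH ) . '?' . http_build_query( $fields );
}

// Returns the request URI length after each of $rounds submissions.
function url_lengths( bool $strip_existing, int $rounds = 4 ): array {
	$uri     = '/wp-admin/index.php'; // Constructed starting URL.
	$lengths = array();
	for ( $i = 0; $i < $rounds; $i++ ) {
		$uri       = submit_get_form( $uri, $strip_existing );
		$lengths[] = strlen( $uri );
	}
	return $lengths;
}

// Embedding the URI as-is nests the previous referer inside the new one on
// every submit; stripping the old argument first makes the length settle.
echo 'embed URI as-is:       ', implode( ', ', url_lengths( false ) ), PHP_EOL;
echo 'strip old referer arg: ', implode( ', ', url_lengths( true ) ), PHP_EOL;
```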