Opened 3 months ago
Last modified 2 months ago
#54106 new defect (bug)
wp_nonce_field in get forms
Reported by: | msolution | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | General | Keywords: | |
Focuses: | administration, performance | Cc: |
Description
hey,
while testing one of plugins came across this issue.
recreate the issue:
- create an admin side form with method=get
- add wp_nonce_field() to the form, which in turn also gets wp_referer_field()
- every time u submit, the hidden field _wp_http_referer gets an additional version of _wp_http_referer in the value.
- there comes a time where the form is huge and it wont submit.
Solution:
we should have remove_query_arg() inside the function wp_referer_field(), to remove any instance of _wp_http_referer in the $_SERVER[REQUEST_URI]
Hope this helps.
Attachments (1)
Change History (3)
This ticket was mentioned in Slack in #core-test by hellofromtonya. View the logs.
2 months ago
Note: See
TracTickets for help on using
tickets.
Hello @msolution, thanks for opening the ticket.
Could you add more details to reproduce the issue? Where are you adding the admin form?
Do you mind adding a code snippet?