“Security check failed” if session expires during editing

17 November 2022 at 19:10
Plugin version: 3.6.2

This is similar to one previously reported issue, but I have a specific situation where this occurs (and appears to be 100 % reproducible):

1. Start editing an article
2. Have your session cookie expire (to simulate, you can delete the cookie in browser settings)
3. Continue editing the article, or just wait until the next heartbeat, to have the login form pop up
4. Fill in the login form (over the editor) to log back in
5. Click Save draft

Result is the “WP to Twitter: Security check failed” error page.

Thankfully, the draft has still been saved, and going back to the editor (using the browser’s back button) restores it. Also the next attempt to Save draft goes through without issues (I’ve only tried this using Firefox though, and can’t say if it’s as harmless in other browsers).

I haven’t looked at the code, but if the issue is caused by nonce invalidation at step 2, the plugin should probably update its nonce(s) when login-related hooks fire after step 3.
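
The hypothesis in the post above, as an added sketch (not code from the plugin or from WordPress itself): a simplified Python model of how WordPress derives a nonce from the tick, action, user ID and session token, replaying the five steps to show that a nonce minted before the re-login no longer verifies afterwards. The salt, the session tokens and the action name `plugin-save-meta` are constructed for illustration.

```python
import hashlib
import hmac

NONCE_LIFE = 86400  # WordPress default nonce lifetime in seconds
SALT = b"constructed-nonce-salt"  # constructed stand-in for the site's nonce key + salt


def nonce_tick(now):
    """Half-lifetime counter, like wp_nonce_tick(): advances every 12 hours by default."""
    return -(-now // (NONCE_LIFE // 2))  # ceiling division


def create_nonce(action, user_id, session_token, now):
    """Model of wp_create_nonce(): keyed MD5 over tick|action|uid|session token."""
    msg = f"{nonce_tick(now)}|{action}|{user_id}|{session_token}".encode()
    return hmac.new(SALT, msg, hashlib.md5).hexdigest()[-12:-2]


def verify_nonce(nonce, action, user_id, session_token, now):
    """Model of wp_verify_nonce(): 1 = current tick, 2 = previous tick, False = reject."""
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        msg = f"{t}|{action}|{user_id}|{session_token}".encode()
        expected = hmac.new(SALT, msg, hashlib.md5).hexdigest()[-12:-2]
        if hmac.compare_digest(expected, nonce):
            return age
    return False


def replay_steps():
    """Walk the five steps from the report with constructed values."""
    action, uid, t0 = "plugin-save-meta", 7, 1_668_700_000  # hypothetical action name
    old_token, new_token = "session-token-A", "session-token-B"  # constructed
    # Step 1: editor page rendered, the plugin's field nonce is minted under session A.
    form_nonce = create_nonce(action, uid, old_token, t0)
    # Steps 2-4: the cookie is gone and the user logs back in, which starts session B.
    # Step 5: the form still carries the stale nonce, checked against session B.
    stale = verify_nonce(form_nonce, action, uid, new_token, t0 + 600)
    # A nonce re-minted after the re-login verifies again.
    fresh = create_nonce(action, uid, new_token, t0 + 600)
    refreshed = verify_nonce(fresh, action, uid, new_token, t0 + 600)
    return stale, refreshed
```

In this model the rejection comes from the changed session token alone; the nonce is only ten minutes old and well inside its lifetime.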

