Skip to content

Loading…

Nonce conflict with consecutive single/bulk activation #66

Closed
thomasgriffin opened this Issue · 4 comments

2 participants

@thomasgriffin

If you hover over a plugin and click Activate, then select multiple plugins and do a bulk activation, you get a nonce error because the previous nonce is still active. This should either be cleared out or we should do like we do with installations and have the page return if it is active so that they have to refresh the page to view the rest of the plugins.

This only happens when you do a single activation first then a bulk activation. Peculiar little bug.

@thomasgriffin

The conflict is caused because the previous nonce is still in the URL. Maybe a redirect will fix this if it isn't too late to put one in. I'll check it out.

@thomasgriffin

I've fixed this issue and will address in an upcoming commit. Installations aren't affected, but I placed an unset( $_POST ) after a successful singular or bulk activation to make sure the $_POST variable is cleared if someone attempts to perform another singular or bulk plugin activation immediately after the first. This makes sure any old nonces or referers are cleared before the next action.

@thomasgriffin

**Update: this solution only worked when dealing with having to enter FTP credentials since that incoming data would be processed via post. Since it is normally processed via $_GET, there is still a nonce conflict when going from single to bulk activations one after the other. It's too late to do a redirect, so I'm not sure how to approach this.

@GaryJones GaryJones was assigned
@thomasgriffin

Can this be addressed with output buffering? I'm no fan of it, but it may be appropriate here.

@thomasgriffin thomasgriffin added a commit that closed this issue
@thomasgriffin thomasgriffin fixes #66 bb861b2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.