Order is not saved for editors after 3.4.1 security fix

hijiriworld / intuitive-custom-post-order

WordPress Plugin: Intuitive Custom Post Order

68 stars 33 forks source link

Order is not saved for editors after 3.4.1 security fix #55

Closed theodejager closed 1 year ago

theodejager commented 1 year ago

@hijiriworld @timohubois

After the last update, when editors re-order items, the new order is not saved.

The nonce verification that was added doesn't seem to pass (in the update_menu_order* functions)

        if ( ! wp_verify_nonce( $_POST['nonce'], 'hicpojs-ajax-nonce' ) ) {
            return;
        }

timohubois commented 1 year ago

@theodejager have you also tested it after clearing the browser cache?

theodejager commented 1 year ago

@timohubois good point, thanks, it seems to work on a clean browser. I suspect I'm not the only one with the problem so I made a pull request to better enqueue the JS/CSS files to prevent caching when they are modified.

https://github.com/hijiriworld/intuitive-custom-post-order/pull/56

timohubois commented 1 year ago

@theodejager great to hear that it works and thanks for the pr. Preventing this issue is currently also included in #54.