search

r-a-y / buddypress-followers

Follow users on your BuddyPress site. Similar to Twitter!
http://wordpress.org/plugins/buddypress-followers/
74 stars 39 forks source link

1.2.x branch testing: Logged-in, logged-out, shake it all about #37

Closed henrywright closed 10 years ago

henrywright commented 10 years ago

Hi @r-a-y

Whilst testing #24 I came across another issue (I think unrelated to #24).

Please feel free to change the title of this issue - I've sat here for about 15 minutes trying to come up with a title but still have no idea how to describe the issue in a concise way. Anyway, steps to replicate:

  1. Open 2 browser windows whilst logged-in. Make sure both windows are displaying the same member's profile page (and make sure it is not your own profile). For example:

Window 1:

example.com/members/bobama/

Window 2:

example.com/members/bobama/
  1. Now log out of window 1.
  2. Still in window 1, log in as a completely different member.
  3. Go to window 2 (don't refresh the window) - click the follow button.

You should get some weird message like "are you sure you want to do this?" appear on screen

UPDATE: I think this happens due to the nonce not checking out

r-a-y commented 10 years ago

Yeah, this is a nonce thing, which is definitely a good thing!