WordPress 2.0.3 Bug: “Are you sure?” dialog when editing comments

Crap! WordPress 2.0.3 shipped with a rather annoying triplet of bugs:

  • Editing a comment will generate an “Are you sure?” dialog
  • A bug in the “Are you sure?” dialog adds slashes in front of all of your quote characters
  • After editing comments, you are not forwarded to the correct location

So, when you edit comments, it’ll needlessly take you to the “Are you sure?” dialog (intended for people with blank HTTP_REFERER values) and then it’ll mess up the comment by changing something like:

I'm sleepy

to this:

I\'m sleepy

Enough foreplay… time to fix the stupid thing:

The fix

Forget those steps below… just use this plugin I wrote!

  1. Open up /wp-admin/post.php in a plaintext editor
  2. Line 325 is the bad line: check_admin_referer('update-comment');
  3. Change this line to: check_admin_referer('update-comment' . $_POST['comment_ID']);
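
Why the one-line change works, shown as an added example (not code from this post or from WordPress core): a simplified model of an action-bound nonce in which the check only passes when the receiving end uses the exact action string the form was issued for. The helpers demo_create_nonce and demo_verify_nonce, the secret, and the 12-hour window are hypothetical, and it assumes the edit form issues its nonce for 'update-comment' followed by the comment ID.

```php
<?php
// Simplified model of an action-bound nonce. Hypothetical helpers, not WordPress core.
const DEMO_SECRET  = 'constructed-demo-secret'; // constructed value for this example
const TICK_SECONDS = 43200;                     // assumed 12-hour validity window

// The token is an HMAC over (time tick, action string, user id), truncated for use in a form.
function demo_create_nonce(string $action, int $user_id, ?int $now = null): string
{
    $tick = intdiv($now ?? time(), TICK_SECONDS);
    $mac  = hash_hmac('sha256', $tick . '|' . $action . '|' . $user_id, DEMO_SECRET);
    return substr($mac, 0, 10);
}

// Recompute the token for the current and previous tick and compare in constant time.
function demo_verify_nonce(string $nonce, string $action, int $user_id, ?int $now = null): bool
{
    $now = $now ?? time();
    foreach ([0, 1] as $age) {
        $expected = demo_create_nonce($action, $user_id, $now - $age * TICK_SECONDS);
        if (hash_equals($expected, $nonce)) {
            return true;
        }
    }
    return false; // the caller falls back to a confirmation prompt
}

// Constructed request: user 1 submits the edit form for comment 42.
$user_id = 1;
$post    = ['comment_ID' => '42', 'content' => "I'm sleepy"];

// Sending end (assumption): the form's nonce is bound to this one comment.
$form_nonce = demo_create_nonce('update-comment' . (int) $post['comment_ID'], $user_id);

// Receiving end as shipped: checks the bare action, a different string from the one issued.
$shipped = demo_verify_nonce($form_nonce, 'update-comment', $user_id);

// Receiving end after the fix: rebuilds the same per-comment action string.
$fixed = demo_verify_nonce($form_nonce, 'update-comment' . (int) $post['comment_ID'], $user_id);

// Per-comment binding: a token issued for comment 42 is checked against comment 43.
$other_comment = demo_verify_nonce($form_nonce, 'update-comment43', $user_id);

foreach (compact('shipped', 'fixed', 'other_comment') as $label => $ok) {
    echo str_pad($label, 14), $ok ? 'nonce accepted' : 'nonce rejected', PHP_EOL;
}
```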

I’ll post another entry when I get the “Are you sure?” slashing bug figured out… but note that fixing this bug will avoid that bug, by skipping the “Are you sure?” dialog for comment editing.

41 thoughts on “WordPress 2.0.3 Bug: “Are you sure?” dialog when editing comments”

  1. Hey Mark…
    Is there a reason this isn’t fixed in the SVN?

    Also, in 3835, changes have been made to edit-form-comment.php…. I presume these fix the slashing bug?

    Thanks,
    CG

  2. CG,
    It is fixed in SVN. /branches/2.0/ and /trunk/ should be kosher now.

    The slashing bug fix was in /wp-includes/pluggable-functions.php. The edit-form-comment.php fix was to change the nonce key on the receiving end.

    But if you don’t want to run SVN code, I just now released a plugin that fixes the three major issues (“are you sure?” on comments, slashes bug, comment edit redirection bug) without modifying any core code.

  3. Nice fix. I ended up just going ahead and fixing the code itself, though, since it’s not really any more trouble to do that than it is to download, unzip, upload, and activate the plugin itself.

  4. Thanks Mark, you’re the man!
    It *does* work now great.
    Maybe a 2.0.3.1 release? This is quite annoying, and not everyone knows enough to visit the “hacker blogs..”

  5. Don’t know about 2.0.3.1 (ugh, I hate the 4-digit releases!) If it were up to me, I’d wait about 3 weeks, fix as many more bugs as I could, and then release 2.0.4

    We’ll see. Until then, spread the word about the plugin!

  6. Pingback: at Valontuoja
  7. The plugin works great!

    I’m getting another bug with the new upgrade in that I can’t load functions.php. Using the Kubrick default theme (or K2, or any that require that file), clicking on the “Current Theme Options” sub-tab gives me a “Cannot load functions.php” error.

    Or is this just me?

  8. I also have some strange problems when editing a link in the admin backend from the Blogroll. It does not redirect correctly. It’s in the linkmanager.php file.

  9. Pingback: DxBlog