Multiple comment forms on activity stream lead to duplicated _wpnonce_new_activity_comment input ids

[dcavins]

In the activity stream, we generate a comment form for each activity item that could be commented upon. In both BP Legacy and BP Nouveau, we add a nonce to each <form>, using the same key , _wpnonce_new_activity_comment, which results in an input like <input type="hidden" id="_wpnonce_new_activity_comment" name="_wpnonce_new_activity_comment" value="d34c5f9ffe">.

To make the IDs of these inputs unique (even though the values aren't), I've added a new function to generate nonces with customizable IDs, and changed the form-submit listener logic in Legacy and Nouveau so that the correct input is selected. (We could also change the selectors to find the input by name, like jQuery('input[name="_wpnonce_new_activity_comment"]') if that seems simpler. )

Thanks for your comments!

[dcavins]

Customize IDs of activity comment form nonce inputs.

[imath]

Hi @dcavins

I agree we need to fix this issue. But I believe creating a function for this is not necessary. We can simply pass the activity id when setting the nonce key.

That's what I did in 8004.diff. What do you think of this alternative way?

[dcavins]

Hi @imath,

I didn't even remember opening this ticket, ha ha. Your answer is much better than mine was, and it looks good to me! I didn't test it though (I just read the patch), but can, if that would be helpful.

[imath]

Thanks for your feedback @dcavins :)

I'm confident with it, thanks for proposing to test it. I'll commit it asap.

[imath]

In 12735:

Templates: avoid duplicate IDs into comment form nonce field

We now include the Activity ID to the id attribute of the input tag generated for the nonce field used into the Activity comment form. This makes sure to avoid duplicate IDs when multiple activities are displayed on the activity pages.

Props dcavins

Fixes #8004