Security back ports from masquerade and MarkJaquith.
git-svn-id: http://svn.automattic.com/wordpress/branches/1.5@3627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
658b7540d5
commit
0aa07547e2
|
@ -55,7 +55,7 @@ if (isset($_GET['page'])) {
|
|||
}
|
||||
|
||||
if (! file_exists(ABSPATH . "wp-content/plugins/$plugin_page"))
|
||||
die(sprintf(__('Cannot load %s.'), $plugin_page));
|
||||
die(sprintf(__('Cannot load %s.'), htmlentities($plugin_page)));
|
||||
|
||||
if (! isset($_GET['noheader']))
|
||||
require_once(ABSPATH . '/wp-admin/admin-header.php');
|
||||
|
|
|
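Review bot: `htmlentities($plugin_page)` in the new `die()` line only protects the error message; `$plugin_page` (taken from `$_GET['page']` per the hunk header) is still joined into a filesystem path on the `file_exists` line and, presumably, into the include that follows outside this hunk. A containment check placed before the `file_exists` test would address the path rather than the message, e.g. `if ( strpos($plugin_page, '..') !== false || substr($plugin_page, 0, 1) == '/' ) die(__('Invalid plugin page.'));` (message constructed). For the message itself, `htmlentities()` without an explicit charset and without `ENT_QUOTES` leaves single quotes unencoded; the rest of this commit uses `wp_specialchars()` (see the `get_pagenum_link` hunk), so that would also be the consistent choice here. The enclosing `if (isset($_GET['page']))` block starts outside the hunk.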
@ -29,7 +29,7 @@ $editing = true;
|
|||
|
||||
switch($action) {
|
||||
case 'post':
|
||||
|
||||
check_admin_referer();
|
||||
if ( !user_can_create_draft($user_ID) )
|
||||
die( __('You are not allowed to create posts or drafts on this blog.') );
|
||||
|
||||
|
@ -268,6 +268,7 @@ case 'edit':
|
|||
break;
|
||||
|
||||
case 'editpost':
|
||||
check_admin_referer();
|
||||
// die(var_dump('<pre>', $_POST));
|
||||
if (!isset($blog_ID)) {
|
||||
$blog_ID = 1;
|
||||
|
@ -495,7 +496,7 @@ case 'editcomment':
|
|||
break;
|
||||
|
||||
case 'confirmdeletecomment':
|
||||
|
||||
check_admin_referer();
|
||||
require_once('./admin-header.php');
|
||||
|
||||
$comment = (int) $_GET['comment'];
|
||||
|
@ -590,7 +591,7 @@ case 'unapprovecomment':
|
|||
break;
|
||||
|
||||
case 'mailapprovecomment':
|
||||
|
||||
check_admin_referer();
|
||||
$comment = (int) $_GET['comment'];
|
||||
|
||||
$commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
|
||||
|
@ -610,7 +611,7 @@ case 'mailapprovecomment':
|
|||
break;
|
||||
|
||||
case 'approvecomment':
|
||||
|
||||
check_admin_referer();
|
||||
$comment = (int) $_GET['comment'];
|
||||
$p = (int) $_GET['p'];
|
||||
if (isset($_GET['noredir'])) {
|
||||
|
@ -639,7 +640,7 @@ case 'approvecomment':
|
|||
break;
|
||||
|
||||
case 'editedcomment':
|
||||
|
||||
check_admin_referer();
|
||||
$comment_ID = (int) $_POST['comment_ID'];
|
||||
$comment_post_ID = (int) $_POST['comment_post_ID'];
|
||||
$newcomment_author = $_POST['newcomment_author'];
|
||||
|
|
|
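Review bot: The `check_admin_referer()` calls added to the `post`, `editpost`, `confirmdeletecomment`, `mailapprovecomment`, `approvecomment` and `editedcomment` cases carry no comment saying what they guard against, and three of the guarded actions (`confirmdeletecomment`, `mailapprovecomment`, `approvecomment`) change state from `$_GET` parameters. If `check_admin_referer()` in this branch only inspects the Referer header (its implementation is not in this diff), it is a weaker CSRF defence than a per-request token, and a comment above the first call such as `// CSRF guard: relies on the Referer header; prefer a request token where available` would make that assumption explicit for the next reader. In the `editedcomment` case, `$newcomment_author = $_POST['newcomment_author'];` is taken unescaped; whether it is escaped before use cannot be seen from this hunk. Each `case` body continues past its hunk.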
@ -64,10 +64,10 @@ case 'update':
|
|||
die (__("<strong>ERROR</strong>: you typed your new password only once. Go back to type it twice."));
|
||||
if ( $pass1 != $pass2 )
|
||||
die (__("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that."));
|
||||
$newuser_pass = $pass1;
|
||||
$newuser_pass = $wpdb->escape($pass1);
|
||||
$updatepassword = "user_pass=MD5('$newuser_pass'), ";
|
||||
wp_clearcookie();
|
||||
wp_setcookie($user_login, $newuser_pass);
|
||||
wp_setcookie($user_login, $pass1);
|
||||
}
|
||||
|
||||
$newuser_firstname = wp_specialchars($_POST['newuser_firstname']);
|
||||
|
|
|
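Review bot: `if ( $pass1 != $pass2 )` uses loose comparison, so two different numeric-looking passwords (for instance `'0e1'` and `'0e2'`, which PHP compares as equal numbers) pass the "typed twice" check; `if ( $pass1 !== $pass2 )` compares the bytes. The `$wpdb->escape($pass1)` change is right for the `MD5('$newuser_pass')` SQL literal, and passing the raw `$pass1` to `wp_setcookie()` keeps escaping confined to the SQL context, but the stored value remains an unsalted MD5 of the password, a weakness this commit does not address. The `case 'update'` body starts outside the hunk, and `$pass1`/`$pass2` are assigned before it.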
@ -24,6 +24,8 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
|
|||
switch ($action) {
|
||||
case 'update':
|
||||
|
||||
check_admin_referer();
|
||||
|
||||
get_currentuserinfo();
|
||||
$edituser = get_userdata($user_id);
|
||||
if ($edituser->user_level >= $user_level) die( __('You do not have permission to edit this user.') );
|
||||
|
|
|
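Review bot: The `$edituser->user_level >= $user_level` check on the line after the added `check_admin_referer()` does not handle an unknown `$user_id`: if `get_userdata($user_id)` returns false or null for it, reading `user_level` from a non-object yields null, `null >= $user_level` is false for any positive level, and the update proceeds. Guard the lookup explicitly, `if ( !$edituser || $edituser->user_level >= $user_level ) die( __('You do not have permission to edit this user.') );`. `$user_id` is populated by the `$wpvarstoreset` loop outside the hunk, and the `case 'update'` body continues past it.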
@ -57,7 +57,7 @@ header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
|||
header('Cache-Control: no-cache, must-revalidate, max-age=0');
|
||||
header('Pragma: no-cache');
|
||||
|
||||
$location = (empty($_POST['redirect_to'])) ? $_SERVER["HTTP_REFERER"] : $_POST['redirect_to'];
|
||||
$location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to'];
|
||||
|
||||
wp_redirect($location);
|
||||
?>
|
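Review bot: `$_POST['redirect_to']` on the new `$location` line is still handed to `wp_redirect()` unvalidated; dropping `HTTP_REFERER` as the default removes one externally controlled source, but the POST field can still carry any absolute URL and, depending on what `wp_redirect()` does with it (outside this hunk), CR/LF characters that reach the `Location` header. Accept only a local path and fall back to the permalink otherwise, e.g. `$location = $_POST['redirect_to'];` / `if ( empty( $location ) || substr( $location, 0, 1 ) != '/' || substr( $location, 0, 2 ) == '//' )` / `$location = get_permalink( $comment_post_ID );`. Stripping `"\r"` and `"\n"` from the value before the redirect belongs either here or inside `wp_redirect()`, whichever is the single choke point.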
|
@ -989,5 +989,12 @@ function ent2ncr($text) {
|
|||
}
|
||||
return $text;
|
||||
}
|
||||
function stripslashes_deep($value)
|
||||
{
|
||||
$value = is_array($value) ?
|
||||
array_map('stripslashes_deep', $value) :
|
||||
stripslashes($value);
|
||||
|
||||
return $value;
|
||||
}
|
||||
?>
|
||||
|
|
|
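Review bot: The new `stripslashes_deep()` has no doc comment, and its non-array branch passes any leaf to `stripslashes()`, which returns a string, so an integer, boolean or null leaf comes back as a string (null as `''`). For the superglobals it is applied to in `wp-settings.php` every leaf is already a string, so this is harmless today, but a header comment stating the contract would prevent surprises elsewhere: `// Recursively strips slashes from a string or a (nested) array of strings; non-string leaves come back as strings.` The file keeps its closing `?>` after the new function; any whitespace following it is emitted as output and breaks later `header()` calls, so dropping the tag is the usual safeguard. `ent2ncr()` starts outside the hunk; `stripslashes_deep()` is fully inside it.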
@ -352,7 +352,7 @@ function next_post($format='%', $next='next post: ', $title='yes', $in_same_cat=
|
|||
function get_pagenum_link($pagenum = 1) {
|
||||
global $wp_rewrite;
|
||||
|
||||
$qstr = $_SERVER['REQUEST_URI'];
|
||||
$qstr = wp_specialchars($_SERVER['REQUEST_URI']);
|
||||
|
||||
$page_querystring = "paged";
|
||||
$page_modstring = "page/";
|
||||
|
|
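Review bot: `wp_specialchars($_SERVER['REQUEST_URI'])` on the new `$qstr` line escapes for HTML at the point of input, but `$qstr` is then manipulated as a URL in the rest of `get_pagenum_link()` (outside this hunk) and returned to callers whose output context is not visible here. `&` becomes `&amp;` before the `paged`/`page/` handling runs, so any downstream test on the query-string separator sees the entity rather than the raw character; escaping the finished link at output keeps the URL logic working on the raw string. If escaping here is intentional because every caller echoes the value into HTML, a comment saying so would help: `// REQUEST_URI is externally controlled; escaped here because the result is always emitted into HTML`. The function continues past the hunk.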
15
wp-mail.php
15
wp-mail.php
|
@ -50,9 +50,7 @@ for ($i=1; $i <= $count; $i++) :
|
|||
if (preg_match('/Subject: /i', $line)) {
|
||||
$subject = trim($line);
|
||||
$subject = substr($subject, 9, strlen($subject)-9);
|
||||
if (!preg_match('#\=\?(.+)\?Q\?(.+)\?\=#i', $subject)) {
|
||||
$subject = wp_iso_descrambler($subject);
|
||||
}
|
||||
$subject = wp_iso_descrambler($subject);
|
||||
// Captures any text in the subject before $phone_delim as the subject
|
||||
$subject = explode($phone_delim, $subject);
|
||||
$subject = $subject[0];
|
||||
|
@ -63,8 +61,10 @@ for ($i=1; $i <= $count; $i++) :
|
|||
if (preg_match('/From: /', $line) | preg_match('Reply-To: /', $line)) {
|
||||
$author=trim($line);
|
||||
if ( ereg("([a-zA-Z0-9\_\-\.]+@[\a-zA-z0-9\_\-\.]+)", $author , $regs) ) {
|
||||
echo "Author = {$regs[1]} <p>";
|
||||
$result = $wpdb->get_row("SELECT ID FROM $tableusers WHERE user_email='$regs[1]' ORDER BY ID DESC LIMIT 1");
|
||||
$author = $regs[1];
|
||||
echo "Author = {$author} <p>";
|
||||
$author = $wpdb->escape($author);
|
||||
$result = $wpdb->get_row("SELECT ID FROM $wpdb->users WHERE user_email='$author' LIMIT 1");
|
||||
if (!$result)
|
||||
$post_author = 1;
|
||||
else
|
||||
|
@ -81,11 +81,11 @@ for ($i=1; $i <= $count; $i++) :
|
|||
}
|
||||
$date_arr = explode(' ', $ddate);
|
||||
$date_time = explode(':', $date_arr[3]);
|
||||
|
||||
|
||||
$ddate_H = $date_time[0];
|
||||
$ddate_i = $date_time[1];
|
||||
$ddate_s = $date_time[2];
|
||||
|
||||
|
||||
$ddate_m = $date_arr[1];
|
||||
$ddate_d = $date_arr[0];
|
||||
$ddate_Y = $date_arr[2];
|
||||
|
@ -136,6 +136,7 @@ for ($i=1; $i <= $count; $i++) :
|
|||
$post_status = 'publish';
|
||||
|
||||
$post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status');
|
||||
$post_data = add_magic_quotes($post_data);
|
||||
|
||||
$post_ID = wp_insert_post($post_data);
|
||||
|
||||
|
|
|
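Review bot: In the `From:` hunk, the `ereg()` character class `[\a-zA-z0-9\_\-\.]` on the line above the new `$author = $regs[1];` uses an `A-z` range, which covers the ASCII characters between `Z` and `a` (`[`, `\`, `]`, `^`, `` ` ``, `_`), and its leading backslash is a literal inside a POSIX bracket expression; `A-Z` is presumably meant. Because the captured value is echoed unescaped on the new `echo "Author = {$author} <p>";` line, that class is the only thing keeping the output free of markup characters, so tightening it (or passing `$author` through `wp_specialchars()` for the echo) matters; the `$wpdb->escape()` before the query is correct for the SQL literal. The context line `preg_match('Reply-To: /', $line)` lacks its opening delimiter, so the Reply-To branch cannot match as written; that is pre-existing but worth fixing alongside. The `for` loop enclosing these hunks starts and ends outside them.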
@ -153,13 +153,19 @@ load_default_textdomain();
|
|||
// Pull in locale data after loading text domain.
|
||||
require_once(ABSPATH . WPINC . '/locale.php');
|
||||
|
||||
if ( !get_magic_quotes_gpc() ) {
|
||||
$_GET = add_magic_quotes($_GET );
|
||||
$_POST = add_magic_quotes($_POST );
|
||||
$_COOKIE = add_magic_quotes($_COOKIE);
|
||||
$_SERVER = add_magic_quotes($_SERVER);
|
||||
// If already slashed, strip.
|
||||
if ( get_magic_quotes_gpc() ) {
|
||||
$_GET = stripslashes_deep($_GET );
|
||||
$_POST = stripslashes_deep($_POST );
|
||||
$_COOKIE = stripslashes_deep($_COOKIE);
|
||||
}
|
||||
|
||||
// Escape with wpdb.
|
||||
$_GET = add_magic_quotes($_GET );
|
||||
$_POST = add_magic_quotes($_POST );
|
||||
$_COOKIE = add_magic_quotes($_COOKIE);
|
||||
$_SERVER = add_magic_quotes($_SERVER);
|
||||
|
||||
function shutdown_action_hook() {
|
||||
do_action('shutdown');
|
||||
}
|
||||
|
|
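Review bot: The strip-then-escape sequence covers `$_GET`, `$_POST` and `$_COOKIE`, but `$_REQUEST` is neither stripped nor escaped and `$_SERVER` is escaped without being stripped, so code reading `$_REQUEST` sees differently quoted data from `$_GET`/`$_POST`, and `$_SERVER` would be double-escaped on a host that already applies quoting to it (whether any SAPI does is not visible here). Either treat `$_REQUEST` the same way in both blocks or add a comment such as `// $_REQUEST is deliberately left unescaped; read $_GET/$_POST instead`, and give the `$_SERVER` asymmetry a similar one-line justification next to its `add_magic_quotes` call. `shutdown_action_hook()` is fully inside the hunk; the surrounding file is not.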