Verify the MAC earlier in WP_Customize_Widgets. props duck_.
Built from https://develop.svn.wordpress.org/trunk@29377 git-svn-id: http://core.svn.wordpress.org/trunk@29155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
e6b0d0c9ee
commit
4ecf30559b
|
@ -1150,21 +1150,19 @@ final class WP_Customize_Widgets {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get a widget instance's hash key.
|
* Get MAC for a serialized widget instance string.
|
||||||
*
|
*
|
||||||
* Serialize an instance and hash it with the AUTH_KEY; when a JS value is
|
* Allows values posted back from JS to be rejected if any tampering of the
|
||||||
* posted back to save, this instance hash key is used to ensure that the
|
* data has occurred.
|
||||||
* serialized_instance was not tampered with, but that it had originated
|
|
||||||
* from WordPress and so is sanitized.
|
|
||||||
*
|
*
|
||||||
* @since 3.9.0
|
* @since 3.9.0
|
||||||
* @access protected
|
* @access protected
|
||||||
*
|
*
|
||||||
* @param array $instance Widget instance.
|
* @param string $serialized_instance Widget instance.
|
||||||
* @return string Widget instance's hash key.
|
* @return string MAC for serialized widget instance.
|
||||||
*/
|
*/
|
||||||
protected function get_instance_hash_key( $instance ) {
|
protected function get_instance_hash_key( $serialized_instance ) {
|
||||||
return wp_hash( serialize( $instance ) );
|
return wp_hash( $serialized_instance );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1192,18 +1190,19 @@ final class WP_Customize_Widgets {
|
||||||
}
|
}
|
||||||
|
|
||||||
$decoded = base64_decode( $value['encoded_serialized_instance'], true );
|
$decoded = base64_decode( $value['encoded_serialized_instance'], true );
|
||||||
|
|
||||||
if ( false === $decoded ) {
|
if ( false === $decoded ) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
$instance = unserialize( $decoded );
|
|
||||||
|
|
||||||
|
if ( $this->get_instance_hash_key( $decoded ) !== $value['instance_hash_key'] ) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
$instance = unserialize( $decoded );
|
||||||
if ( false === $instance ) {
|
if ( false === $instance ) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if ( $this->get_instance_hash_key( $instance ) !== $value['instance_hash_key'] ) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
return $instance;
|
return $instance;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1224,7 +1223,7 @@ final class WP_Customize_Widgets {
|
||||||
'encoded_serialized_instance' => base64_encode( $serialized ),
|
'encoded_serialized_instance' => base64_encode( $serialized ),
|
||||||
'title' => empty( $value['title'] ) ? '' : $value['title'],
|
'title' => empty( $value['title'] ) ? '' : $value['title'],
|
||||||
'is_widget_customizer_js_value' => true,
|
'is_widget_customizer_js_value' => true,
|
||||||
'instance_hash_key' => $this->get_instance_hash_key( $value ),
|
'instance_hash_key' => $this->get_instance_hash_key( $serialized ),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
return $value;
|
return $value;
|
||||||
|
|
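Review bot: The MAC check added in the second hunk at `if ( $this->get_instance_hash_key( $decoded ) !== $value['instance_hash_key'] )` compares the keyed hash with `!==`, a byte-wise string comparison that stops at the first differing byte, so it is not constant-time. Where the supported PHP baseline provides `hash_equals()` (native since PHP 5.6) or the project ships an equivalent shim, the line should read `if ( ! is_string( $value['instance_hash_key'] ) || ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) {`; the `is_string()` guard matters because `$value` arrives from the client and `hash_equals()` emits a warning rather than returning false for non-string arguments. The new ordering, MAC verification before `unserialize( $decoded )`, is what makes the unserializer see only data that originated from WordPress, and a one-line comment above the check, `// Verify the MAC before unserializing so that only data produced by WordPress is ever unserialized.`, would keep a later refactor from moving it back. The enclosing method starts outside the hunk, so its parameter validation for `$value['instance_hash_key']` cannot be confirmed from here.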