From 7428c2fbbc5cf14a43f0c62bb9c9df54ebd31e3e Mon Sep 17 00:00:00 2001 From: ryan Date: Thu, 11 May 2006 23:05:45 +0000 Subject: [PATCH] Backport nonces and pluggable cookies. git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3771 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/admin-functions.php | 2 +- wp-admin/admin.php | 2 +- wp-admin/categories.php | 13 +-- wp-admin/edit-comments.php | 9 +- wp-admin/edit-form-advanced.php | 4 +- wp-admin/edit-form-ajax-cat.php | 2 - wp-admin/edit-form-comment.php | 1 + wp-admin/edit-link-form.php | 3 + wp-admin/edit-page-form.php | 8 +- wp-admin/edit-pages.php | 2 +- wp-admin/edit.php | 9 +- wp-admin/inline-uploading.php | 29 ++--- wp-admin/link-categories.php | 15 +-- wp-admin/link-import.php | 3 +- wp-admin/link-manager.php | 22 ++-- wp-admin/list-manipulation.php | 1 - wp-admin/moderation.php | 3 +- wp-admin/options-discussion.php | 1 + wp-admin/options-general.php | 1 + wp-admin/options-misc.php | 2 +- wp-admin/options-permalink.php | 6 +- wp-admin/options-reading.php | 4 +- wp-admin/options-writing.php | 1 + wp-admin/options.php | 5 +- wp-admin/page-new.php | 2 - wp-admin/plugin-editor.php | 3 +- wp-admin/plugins.php | 8 +- wp-admin/post.php | 31 +++--- wp-admin/profile-update.php | 2 +- wp-admin/profile.php | 1 + wp-admin/templates.php | 3 +- wp-admin/theme-editor.php | 3 +- wp-admin/themes.php | 4 +- wp-admin/user-edit.php | 3 +- wp-admin/users.php | 11 +- wp-comments-post.php | 14 +-- wp-includes/capabilities.php | 2 +- wp-includes/classes.php | 3 +- wp-includes/comment-functions.php | 2 - wp-includes/functions-compat.php | 13 +++ wp-includes/functions.php | 34 +++++- wp-includes/kses.php | 5 - wp-includes/pluggable-functions.php | 119 +++++++++++++++------ wp-includes/registration-functions.php | 3 +- wp-includes/template-functions-general.php | 20 ++-- wp-login.php | 10 +- 46 files changed, 280 insertions(+), 164 deletions(-) 
diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php index a4d0a01d9b..269f415782 100644 --- a/wp-admin/admin-functions.php +++ b/wp-admin/admin-functions.php @@ -643,7 +643,7 @@ function page_rows($parent = 0, $level = 0, $pages = 0) { post_modified); ?> " . __('Edit') . ""; } ?> - " . __('Delete') . ""; } ?> + " . __('Delete') . ""; } ?>

+ cat_ID); ?> @@ -96,7 +96,8 @@ case 'edit': break; case 'editedcat': - check_admin_referer(); + $cat_ID = (int) $_POST['cat_ID']; + check_admin_referer('update-category' . $cat_ID); if ( !current_user_can('manage_categories') ) die (__('Cheatin’ uh?')); @@ -150,7 +151,7 @@ cat_rows();

- +



diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php index e804582a54..97ab12b172 100644 --- a/wp-admin/edit-comments.php +++ b/wp-admin/edit-comments.php @@ -39,7 +39,7 @@ function checkAll(form)

|

comment_post_ID) ) { echo " | comment_ID."\">" . __('Edit Comment') . ""; - echo " | comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars( $comment->comment_author, 1 )) . "' );\">" . __('Delete Comment') . " — "; + echo ' | comment_author, 1)) . "' );\">" . __('Delete Comment') . ' '; } // end if any comments to show // Get post title if ( current_user_can('edit_post', $comment->comment_post_ID) ) { @@ -126,8 +126,9 @@ if ('view' == $mode) { } elseif ('edit' == $mode) { if ($comments) { - echo ' -
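Review bot: The rewritten Delete Comment link still drops `wp_specialchars($comment->comment_author, 1)` straight into the single-quoted JavaScript string of the onclick confirm; as far as I can tell that call HTML-encodes the name but does no JavaScript-string escaping, and the browser decodes attribute entities before the handler runs, so a quote inside an author name can end the string literal. The post Delete link elsewhere in this patch wraps its title as `addslashes(wp_specialchars(get_the_title(), 'double'))`; the same JS-context treatment belongs here, e.g. `addslashes(wp_specialchars($comment->comment_author, 1))`, and in the comment Delete link that edit.php rewrites later in the patch. The enclosing loop body starts before this hunk.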
+ echo ' '; + wp_nonce_field('bulk-comments'); + echo '
diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php index 3f9390a892..bee6a9beac 100644 --- a/wp-admin/edit-form-advanced.php +++ b/wp-admin/edit-form-advanced.php @@ -22,9 +22,11 @@ if (0 == $post_ID) { $form_action = 'post'; $temp_ID = -1 * time(); $form_extra = ""; + wp_nonce_field('add-post'); } else { $form_action = 'editpost'; $form_extra = ""; + wp_nonce_field('update-post' . $post_ID); } $form_pingback = ''; @@ -220,7 +222,7 @@ else ' . __('This feature requires iframe support.') . ''; diff --git a/wp-admin/edit-form-ajax-cat.php b/wp-admin/edit-form-ajax-cat.php index 55d10fc541..f1823343b6 100644 --- a/wp-admin/edit-form-ajax-cat.php +++ b/wp-admin/edit-form-ajax-cat.php @@ -3,8 +3,6 @@ require_once('../wp-config.php'); require_once('admin-functions.php'); require_once('admin-db.php'); -get_currentuserinfo(); - if ( !current_user_can('manage_categories') ) die('-1'); if ( !check_ajax_referer() ) diff --git a/wp-admin/edit-form-comment.php b/wp-admin/edit-form-comment.php index fb72058f49..c37e1a273b 100644 --- a/wp-admin/edit-form-comment.php +++ b/wp-admin/edit-form-comment.php @@ -6,6 +6,7 @@ $form_extra = "' />\ncomment_ID) ?>
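Review bot: `wp_nonce_field('add-post')` and `wp_nonce_field('update-post' . $post_ID)` echo the hidden input from inside the branch that computes `$form_action`, i.e. wherever this PHP block happens to sit in the page, and no `<form>` element is visible in the hunk; if the form opens after this block the field lands outside it, is never submitted, and every save ends on the confirmation screen. edit-page-form.php and edit-link-form.php in this same patch record `$nonce_action` here and emit the field in the form markup instead; doing the same, `$nonce_action = 'update-post' . $post_ID;` with `wp_nonce_field($nonce_action)` placed inside the form, removes the ordering dependency. The surrounding file continues outside the hunk.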
diff --git a/wp-admin/edit-link-form.php b/wp-admin/edit-link-form.php index d782813e53..6d4d71ebf2 100644 --- a/wp-admin/edit-link-form.php +++ b/wp-admin/edit-link-form.php @@ -4,11 +4,13 @@ if ( ! empty($link_id) ) { $heading = __('Edit a link:'); $submit_text = __('Save Changes »'); $form = ''; + $nonce_action = 'update-bookmark' . $link_id; } else { $editing = false; $heading = __('Add a link:'); $submit_text = __('Add Link »'); $form = ''; + $nonce_action = 'add-bookmark'; } function xfn_check($class, $value = '', $type = 'check') { @@ -33,6 +35,7 @@ function xfn_check($class, $value = '', $type = 'check') {
+

diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php index ae59489740..951b87f44a 100644 --- a/wp-admin/edit-page-form.php +++ b/wp-admin/edit-page-form.php @@ -5,11 +5,13 @@ "; } else { $form_action = 'editpost'; - $form_extra = ""; + $nonce_action = 'update-post' . $post_ID; + $form_extra = ""; } $sendto = $_SERVER['HTTP_REFERER']; @@ -23,6 +25,8 @@ $sendto = wp_specialchars( $sendto ); '; } @@ -186,7 +190,7 @@ else ' . __('This feature requires iframe support.') . ''; diff --git a/wp-admin/edit-pages.php b/wp-admin/edit-pages.php index 8d44faf75b..74b9208cc8 100644 --- a/wp-admin/edit-pages.php +++ b/wp-admin/edit-pages.php @@ -52,7 +52,7 @@ foreach ( $posts as $post ) :
- + $column_display_name) { case 'control_delete': ?> - + comment_ID); ID) ) { echo "[ comment_ID."\">" . __('Edit') . ""; - echo " - ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), wp_specialchars( $comment->comment_author, 1 )) . "')\">" . __('Delete') . " "; + echo ' - comment_author, 1)) . "');\">" . __('Delete') . ' '; + if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { if ('approved' == wp_get_comment_status($comment->comment_ID)) { - echo " - ID."&comment=".$comment->comment_ID."\">" . __('Unapprove') . " "; + echo ' - ' . __('Unapprove') . ' '; } else { - echo " - ID."&comment=".$comment->comment_ID."\">" . __('Approve') . " "; + echo ' - ' . __('Approve') . ' '; } } echo "]"; diff --git a/wp-admin/inline-uploading.php b/wp-admin/inline-uploading.php index 4275a07b90..9b7155427d 100644 --- a/wp-admin/inline-uploading.php +++ b/wp-admin/inline-uploading.php @@ -2,8 +2,6 @@ require_once('admin.php'); -check_admin_referer(); - header('Content-Type: text/html; charset=' . get_option('blog_charset')); if (!current_user_can('upload_files')) @@ -36,16 +34,20 @@ break; case 'delete': +check_admin_referer('inlineuploading'); + if ( !current_user_can('edit_post', (int) $attachment) ) die(__('You are not allowed to delete this attachment.').' ".__('Go back').''); wp_delete_attachment($attachment); -header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=$start"); +header("Location: " . basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start"); die; case 'save': +check_admin_referer('inlineuploading'); + $overrides = array('action'=>'save'); $file = wp_handle_upload($_FILES['image'], $overrides); 
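Review bot: In inline-uploading.php's `delete` case the capability check runs against `(int) $attachment` while `wp_delete_attachment($attachment)` receives the raw value, so the value that is authorised and the value that is deleted are not guaranteed to be the same. Normalise once before both uses: `$attachment = (int) $attachment;`, then `current_user_can('edit_post', $attachment)` and `wp_delete_attachment($attachment)`. The per-case `check_admin_referer('inlineuploading')` replaces the file-wide check, which appears fine only as long as the `view` and `upload` cases in the same switch stay read-only; the switch continues outside the hunk.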
@@ -100,7 +102,7 @@ if ( preg_match('!^image/!', $attachment['post_mime_type']) ) { add_post_meta($id, '_wp_attachment_metadata', array()); } -header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=0"); +header("Location: " . basename(__FILE__) . "?post=$post&all=$all&action=view&start=0"); die(); case 'upload': @@ -139,7 +141,7 @@ if ( '' == $sort ) $attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_status = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A); if ( count($attachments) == 0 ) { - header("Location: ".basename(__FILE__)."?post=$post&action=upload"); + header("Location: " . basename(__FILE__) ."?post=$post&action=upload" ); die; } elseif ( count($attachments) > $num ) { $next = $start + count($attachments) - $num; @@ -213,7 +215,7 @@ var icon = new Array(); "; $send_delete_cancel = "$__send_to_editor -$__delete +$__delete$__close "; $uwidth_sum += 128; @@ -641,25 +643,25 @@ th { - + +

diff --git a/wp-admin/link-import.php b/wp-admin/link-import.php index 496035b3e5..723d192158 100644 --- a/wp-admin/link-import.php +++ b/wp-admin/link-import.php @@ -24,6 +24,7 @@ switch ($step) {

+

@@ -63,7 +64,7 @@ foreach ($categories as $category) { } // end case 0 case 1: { - check_admin_referer(); + check_admin_referer('import-bookmarks'); include_once('admin-header.php'); if ( !current_user_can('manage_links') ) diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php index 5626570f80..9e0e6a6f82 100644 --- a/wp-admin/link-manager.php +++ b/wp-admin/link-manager.php @@ -39,7 +39,7 @@ if ('' != $_POST['linkcheck']) $linkcheck = $_POST[linkcheck]; switch ($action) { case 'assign': { - check_admin_referer(); + check_admin_referer('bulk-bookmarks'); // check the current user's level first. if ( !current_user_can('manage_links') ) @@ -67,7 +67,7 @@ switch ($action) { } case 'visibility': { - check_admin_referer(); + check_admin_referer('bulk-bookmarks'); // check the current user's level first. if ( !current_user_can('manage_links') ) @@ -104,7 +104,7 @@ switch ($action) { } case 'move': { - check_admin_referer(); + check_admin_referer('bulk-bookmarks'); // check the current user's level first. if ( !current_user_can('manage_links') ) @@ -125,7 +125,7 @@ switch ($action) { case 'Add': { - check_admin_referer(); + check_admin_referer('add-bookmark'); add_link(); @@ -135,8 +135,8 @@ switch ($action) { case 'editlink': { - - check_admin_referer(); + $link_id = (int) $_POST['link_id']; + check_admin_referer('update-bookmark' . $link_id); if (isset($links_show_cat_id) && ($links_show_cat_id != '')) $cat_id = $links_show_cat_id; @@ -147,7 +147,6 @@ switch ($action) { } $links_show_cat_id = $cat_id; - $link_id = (int) $_POST['link_id']; edit_link($link_id); setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600); 
@@ -157,13 +156,12 @@ switch ($action) { case 'Delete': { - check_admin_referer(); + $link_id = (int) $_GET['link_id']; + check_admin_referer('delete-bookmark' . $link_id); if ( !current_user_can('manage_links') ) die (__("Cheatin' uh ?")); - $link_id = (int) $_GET['link_id']; - wp_delete_link($link_id); if (isset($links_show_cat_id) && ($links_show_cat_id != '')) @@ -320,6 +318,7 @@ function checkAll(form)
+ @@ -383,11 +382,12 @@ LINKS; if ($show_buttons) { echo '
'; - echo ''; + echo ''; echo ''; } else { echo "\n"; } + echo "\n \n"; } } diff --git a/wp-admin/list-manipulation.php b/wp-admin/list-manipulation.php index 7887697695..3cae284e58 100644 --- a/wp-admin/list-manipulation.php +++ b/wp-admin/list-manipulation.php @@ -3,7 +3,6 @@ require_once('../wp-config.php'); require_once('admin-functions.php'); require_once('admin-db.php'); -get_currentuserinfo(); if ( !is_user_logged_in() ) die('-1'); if ( !check_ajax_referer() ) diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php index d722d14d6d..b77525923c 100644 --- a/wp-admin/moderation.php +++ b/wp-admin/moderation.php @@ -32,7 +32,7 @@ switch($action) { case 'update': - check_admin_referer(); + check_admin_referer('moderate-comments'); if ( ! current_user_can('moderate_comments') ) die('

'.__('Your level is not high enough to moderate comments.').'

'); @@ -132,6 +132,7 @@ if ($comments) { ?>

+

    +
    (These settings may be overridden for individual articles.)') ?>
      diff --git a/wp-admin/options-general.php b/wp-admin/options-general.php index 1d9c453f14..664dc3a1b4 100644 --- a/wp-admin/options-general.php +++ b/wp-admin/options-general.php @@ -10,6 +10,7 @@ include('./admin-header.php');

      +
* ' . __('Name') . 'post_modified); ?> ID' class='edit'>" . __('Edit') . ""; } ?>ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . ""; } ?>ID", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . ""; } ?>
ID) ) { echo "" . __('Delete') . ""; } ?>ID) ) { echo "ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . ""; } ?> text_after_all)?> list_limit ?> cat_name,1)); ?>' );" class="delete">cat_id?>&action=Delete", 'delete-link-category' . $row->cat_id) ?>" "onclick="return deleteSomething( 'link category', cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete">
' . __('Edit') . 'link_id , '" . sprintf(__("You are about to delete the "%s" link to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name,1), wp_specialchars($link->link_url)) . '\' );" class="delete">' . __('Delete') . 'link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'   
diff --git a/wp-admin/options-misc.php b/wp-admin/options-misc.php index 711a4ccdc7..b4ff4efb00 100644 --- a/wp-admin/options-misc.php +++ b/wp-admin/options-misc.php @@ -11,7 +11,7 @@ include('admin-header.php');

- +
diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php index 62d4757e16..cf16d89b43 100644 --- a/wp-admin/options-permalink.php +++ b/wp-admin/options-permalink.php @@ -57,8 +57,8 @@ include('admin-header.php'); $home_path = get_home_path(); -if ( isset($_POST) ) { - check_admin_referer(); +if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) { + check_admin_referer('update-permalink'); if ( isset($_POST['permalink_structure']) ) { $permalink_structure = $_POST['permalink_structure']; @@ -117,6 +117,7 @@ $structures = array( ); ?> +

.htaccess file were writable, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your .htaccess file. Click in the field and press CTRL + a to select all.') ?>

+

diff --git a/wp-admin/options-reading.php b/wp-admin/options-reading.php index 30f06d27a6..1d0fd8aafb 100644 --- a/wp-admin/options-reading.php +++ b/wp-admin/options-reading.php @@ -9,7 +9,9 @@ include('admin-header.php');

- + + +
diff --git a/wp-admin/options-writing.php b/wp-admin/options-writing.php index d3d2fbaef6..96fa30fff2 100644 --- a/wp-admin/options-writing.php +++ b/wp-admin/options-writing.php @@ -10,6 +10,7 @@ include('admin-header.php');

+
diff --git a/wp-admin/options.php b/wp-admin/options.php index de5999c653..20f4afbc31 100644 --- a/wp-admin/options.php +++ b/wp-admin/options.php @@ -29,7 +29,7 @@ switch($action) { case 'update': $any_changed = 0; - check_admin_referer(); + check_admin_referer('update-options'); if (!$_POST['page_options']) { foreach ($_POST as $key => $value) { @@ -68,8 +68,6 @@ case 'update': if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) { // If home changed, write rewrite rules to new location. $wp_rewrite->flush_rules(); - // Get currently logged in user and password. - get_currentuserinfo(); // Clear cookies for old paths. wp_clearcookie(); // Set cookies for new paths. @@ -91,6 +89,7 @@ default:
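Review bot: Dropping `get_currentuserinfo()` right before `wp_clearcookie()` assumes the globals that the cookie re-set on the following (not visible) line needs, `$user_login` and `$user_pass_md5`, were already populated; in this patch only the new `setup_userdata()` sets them, and it runs when the current user is first resolved rather than here. If the admin bootstrap always reaches this point through `wp_get_current_user()` that holds, but the hunk no longer shows it. Either keep an explicit `wp_get_current_user();` in place of the removed call or leave a comment such as `// $user_login / $user_pass_md5 were filled by setup_userdata() when the current user was resolved`. The `update` case continues outside the hunk.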

+
post_status = 'static'; diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php index 05df573b76..9492e1d9b3 100644 --- a/wp-admin/plugin-editor.php +++ b/wp-admin/plugin-editor.php @@ -34,7 +34,7 @@ switch($action) { case 'update': - check_admin_referer(); + check_admin_referer('edit-plugin' . $file); if ( !current_user_can('edit_plugins') ) die('

'.__('You have do not have sufficient permissions to edit templates for this blog.').'

'); @@ -97,6 +97,7 @@ if ($plugin_files) : +
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php index 69d31ec010..521a5d1f8b 100644 --- a/wp-admin/plugins.php +++ b/wp-admin/plugins.php @@ -2,9 +2,8 @@ require_once('admin.php'); if ( isset($_GET['action']) ) { - check_admin_referer(); - if ('activate' == $_GET['action']) { + check_admin_referer('activate-plugin' . $_GET['plugin']); $current = get_settings('active_plugins'); if (!in_array($_GET['plugin'], $current)) { $current[] = trim( $_GET['plugin'] ); @@ -15,6 +14,7 @@ if ( isset($_GET['action']) ) { } header('Location: plugins.php?activate=true'); } else if ('deactivate' == $_GET['action']) { + check_admin_referer('deactivate-plugin' . $_GET['plugin']); $current = get_settings('active_plugins'); array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu! update_option('active_plugins', $current); @@ -98,11 +98,11 @@ if (empty($plugins)) { $style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate'; if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) { - $action = "".__('Deactivate').""; + $action = "".__('Deactivate').""; $plugin_data['Title'] = "{$plugin_data['Title']}"; $style .= $style == 'alternate' ? ' active' : 'active'; } else { - $action = "".__('Activate').""; + $action = "".__('Activate').""; } $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ; if ($style != '') $style = 'class="' . $style . '"'; diff --git a/wp-admin/post.php b/wp-admin/post.php index 1e64278f06..27877ad828 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -30,7 +30,7 @@ $editing = true; switch($action) { case 'post': - check_admin_referer(); + check_admin_referer('add-post'); $post_ID = write_post(); 
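Review bot: The activate branch builds the nonce action from `$_GET['plugin']`, tests `in_array($_GET['plugin'], $current)` with the raw value, and then stores `trim( $_GET['plugin'] )`, so the three reads can disagree about one plugin when the parameter carries surrounding whitespace. Read it once, `$plugin = trim($_GET['plugin']);`, and use `$plugin` for the action string, for `in_array($plugin, $current, true)` and for the stored entry, mirroring `$plugin_file` in the link-generation hunk below. The nonce check was previously file-wide; now only activate and deactivate verify it, which is acceptable as long as no other `action` value does work in this block (none is visible in the hunk).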
@@ -87,10 +87,10 @@ case 'edit': break; case 'editattachment': - check_admin_referer(); - $post_id = (int) $_POST['post_ID']; + check_admin_referer('update-attachment' . $post_id); + // Don't let these be changed unset($_POST['guid']); $_POST['post_status'] = 'attachment'; @@ -105,7 +105,8 @@ case 'editattachment': add_post_meta($post_id, '_wp_attachment_metadata', $newmeta); case 'editpost': - check_admin_referer(); + $post_ID = (int) $_POST['post_ID']; + check_admin_referer('update-post' . $post_ID); $post_ID = edit_post(); @@ -130,9 +131,8 @@ case 'editpost': break; case 'delete': - check_admin_referer(); - $post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']); + check_admin_referer('delete-post' . $post_id); $post = & get_post($post_id); @@ -212,10 +212,9 @@ case 'confirmdeletecomment': break; case 'deletecomment': - - check_admin_referer(); - $comment = (int) $_GET['comment']; + check_admin_referer('delete-comment' . $comment); + $p = (int) $_GET['p']; if (isset($_GET['noredir'])) { $noredir = true; @@ -243,10 +242,9 @@ case 'deletecomment': break; case 'unapprovecomment': - - check_admin_referer(); - $comment = (int) $_GET['comment']; + check_admin_referer('unapprove-comment' . $comment); + $p = (int) $_GET['p']; if (isset($_GET['noredir'])) { $noredir = true; @@ -271,8 +269,8 @@ case 'unapprovecomment': break; case 'mailapprovecomment': - $comment = (int) $_GET['comment']; + check_admin_referer('approve-comment' . $comment); if ( ! $comment = get_comment($comment) ) die(sprintf(__('Oops, no comment with this ID. Go back!'), 'edit.php')); @@ -291,10 +289,9 @@ case 'mailapprovecomment': break; case 'approvecomment': - - check_admin_referer(); - $comment = (int) $_GET['comment']; + check_admin_referer('approve-comment' . $comment); + $p = (int) $_GET['p']; if (isset($_GET['noredir'])) { $noredir = true; 
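Review bot: No `break` is visible between `add_post_meta($post_id, '_wp_attachment_metadata', $newmeta);` and `case 'editpost':`, so if `editattachment` intentionally falls through into `editpost`, one request is now verified twice against different actions, `update-attachment<id>` and then `update-post<id>`, and a single `_wpnonce` value cannot satisfy both; the second check would send every attachment save to the confirmation screen. Either terminate `editattachment` after its own handling or give the two cases one shared action string. I also do not see a form in this patch that emits an `update-attachment<id>` field, so confirm the attachment edit form carries the matching `wp_nonce_field`; both case bodies continue outside the hunk.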
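Review bot: `mailapprovecomment` previously had no referer check, presumably because its link arrives by e-mail, and it now requires a nonce for `approve-comment<id>`; assuming `wp_create_nonce()` keys on the logged-in user and a time window as the WordPress nonce design does, a moderator who follows the mailed link after that window, or while logged in as a different account, lands on the confirmation screen instead of approving. Confirm that the notification mail builds the link with `wp_nonce_url(..., 'approve-comment' . $comment_id)` and record the expiry next to the check, e.g. `// Mailed link: the nonce expires with the nonce lifetime and must match the moderator's account`. The case body continues beyond the hunk.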
@@ -324,7 +321,7 @@ case 'approvecomment': case 'editedcomment': - check_admin_referer(); + check_admin_referer('update-comment'); edit_comment(); diff --git a/wp-admin/profile-update.php b/wp-admin/profile-update.php index b3cb166f60..20fd95eea3 100644 --- a/wp-admin/profile-update.php +++ b/wp-admin/profile-update.php @@ -2,7 +2,7 @@ require_once('admin.php'); -check_admin_referer(); +check_admin_referer('update-profile' . $user_ID); if ( !$_POST ) die( __('No post?') ); diff --git a/wp-admin/profile.php b/wp-admin/profile.php index 1966cef876..5b5f074124 100644 --- a/wp-admin/profile.php +++ b/wp-admin/profile.php @@ -19,6 +19,7 @@ $bookmarklet_height= 440;

+

diff --git a/wp-admin/templates.php b/wp-admin/templates.php index d330970ffc..de9d83ac65 100644 --- a/wp-admin/templates.php +++ b/wp-admin/templates.php @@ -36,7 +36,7 @@ switch($action) { case 'update': - check_adimn_referer(); + check_admin_referer('edit-file' . $file); if ( ! current_user_can('edit_files') ) die('

'.__('You have do not have sufficient permissions to edit templates for this blog.').'

'); @@ -128,6 +128,7 @@ endif;
+
diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php index 10d2d7adb9..24422ef7ad 100644 --- a/wp-admin/theme-editor.php +++ b/wp-admin/theme-editor.php @@ -47,7 +47,7 @@ switch($action) { case 'update': - check_admin_referer(); + check_admin_referer('edit-theme' . $file . $theme); if ( !current_user_can('edit_themes') ) die('

'.__('You have do not have sufficient permissions to edit templates for this blog.').'

'); @@ -131,6 +131,7 @@ if ($allowed_files) : if (!$error) { ?> +
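Review bot: `check_admin_referer('edit-theme' . $file . $theme)` concatenates two free-form strings with no delimiter, so distinct (file, theme) pairs can yield the same action string (`'ab' . 'c'` and `'a' . 'bc'` collide); the nonce being per user keeps this from being exploitable, but the action is less specific than the call suggests. Put a separator between the parts, `check_admin_referer('edit-theme' . $file . '|' . $theme);`, and mirror it in whatever emits the matching field in the form hunk below (its argument is not legible here). The `update` case continues outside the hunk.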
diff --git a/wp-admin/themes.php b/wp-admin/themes.php index a17ea3cdc9..2a5418a52c 100644 --- a/wp-admin/themes.php +++ b/wp-admin/themes.php @@ -2,7 +2,7 @@ require_once('admin.php'); if ( isset($_GET['action']) ) { - check_admin_referer(); + check_admin_referer('switch-theme' . $_GET['template']); if ('activate' == $_GET['action']) { if ( isset($_GET['template']) ) @@ -69,7 +69,7 @@ foreach ($theme_names as $theme_name) { $author = $themes[$theme_name]['Author']; $screenshot = $themes[$theme_name]['Screenshot']; $stylesheet_dir = $themes[$theme_name]['Stylesheet Dir']; - $activate_link = "themes.php?action=activate&template=$template&stylesheet=$stylesheet"; + $activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme' . $template); ?>
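Review bot: `check_admin_referer('switch-theme' . $_GET['template'])` reads `template` before the `isset($_GET['template'])` guard two lines below and for every `action` value, not only `activate`, so a request carrying an action but no template builds the action string from an undefined index. Moving the check inside the activate branch after the guard, or using `check_admin_referer('switch-theme' . (isset($_GET['template']) ? $_GET['template'] : ''));`, keeps the nonce tied to the template that is actually activated; the generated link in the second hunk already uses `'switch-theme' . $template`, so the two agree on the value. The rest of the activate branch is outside the hunk.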

diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php index 430c823370..b604aa76b1 100644 --- a/wp-admin/user-edit.php +++ b/wp-admin/user-edit.php @@ -32,7 +32,7 @@ break; case 'update': -check_admin_referer(); +check_admin_referer('update-user' . $user_id); $errors = array(); @@ -73,6 +73,7 @@ if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permi

+

diff --git a/wp-admin/users.php b/wp-admin/users.php index ab555323cf..604d86af3e 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php @@ -11,7 +11,7 @@ $update = ''; switch ($action) { case 'promote': - check_admin_referer(); + check_admin_referer('bulk-users'); if (empty($_POST['users'])) { header('Location: users.php'); @@ -39,7 +39,7 @@ break; case 'dodelete': - check_admin_referer(); + check_admin_referer('delete-users'); if ( empty($_POST['users']) ) { header('Location: users.php'); @@ -72,7 +72,7 @@ break; case 'delete': - check_admin_referer(); + check_admin_referer('bulk-users'); if (empty($_POST['users'])) { header('Location: users.php'); @@ -86,6 +86,7 @@ case 'delete': include ('admin-header.php'); ?> +

@@ -131,7 +132,7 @@ case 'delete': break; case 'adduser': - check_admin_referer(); + check_admin_referer('add-user'); $errors = add_user(); @@ -200,6 +201,7 @@ default: ?> +

@@ -280,6 +282,7 @@ $role_select .= '';

'.sprintf(__('Users can register themselves or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'

'; ?> +
diff --git a/wp-comments-post.php b/wp-comments-post.php index 953de6848b..3be6142c62 100644 --- a/wp-comments-post.php +++ b/wp-comments-post.php @@ -24,11 +24,11 @@ $comment_author_url = trim($_POST['url']); $comment_content = trim($_POST['comment']); // If the user is logged in -get_currentuserinfo(); -if ( $user_ID ) : - $comment_author = $wpdb->escape($user_identity); - $comment_author_email = $wpdb->escape($user_email); - $comment_author_url = $wpdb->escape($user_url); +$user = wp_get_current_user(); +if ( $user->ID ) : + $comment_author = $wpdb->escape($user->display_name); + $comment_author_email = $wpdb->escape($user->user_email); + $comment_author_url = $wpdb->escape($user->user_url); else : if ( get_option('comment_registration') ) die( __('Sorry, you must be logged in to post a comment.') ); @@ -36,7 +36,7 @@ endif; $comment_type = ''; -if ( get_settings('require_name_email') && !$user_ID ) { +if ( get_settings('require_name_email') && !$user->ID ) { if ( 6 > strlen($comment_author_email) || '' == $comment_author ) die( __('Error: please fill the required fields (name, email).') ); elseif ( !is_email($comment_author_email)) @@ -50,7 +50,7 @@ $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_emai $comment_id = wp_new_comment( $commentdata ); -if ( !$user_ID ) : +if ( !$user->ID ) : $comment = get_comment($comment_id); setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php index b5cea726bf..de99631744 100644 --- a/wp-includes/capabilities.php +++ b/wp-includes/capabilities.php 
@@ -309,7 +309,7 @@ function map_meta_cap($cap, $user_id) { // Capability checking wrapper around the global $current_user object. function current_user_can($capability) { - global $current_user; + $current_user = wp_get_current_user(); $args = array_slice(func_get_args(), 1); $args = array_merge(array($capability), $args); diff --git a/wp-includes/classes.php b/wp-includes/classes.php index 01908bbedc..0f99d52e7a 100644 --- a/wp-includes/classes.php +++ b/wp-includes/classes.php @@ -1604,7 +1604,6 @@ class WP { } function send_headers() { - global $current_user; @header('X-Pingback: '. get_bloginfo('pingback_url')); if ( is_user_logged_in() ) nocache_headers(); @@ -1681,7 +1680,7 @@ class WP { } function init() { - get_currentuserinfo(); + wp_get_current_user(); } function query_posts() { diff --git a/wp-includes/comment-functions.php b/wp-includes/comment-functions.php index 25e422efea..c4a08e0c44 100644 --- a/wp-includes/comment-functions.php +++ b/wp-includes/comment-functions.php @@ -34,8 +34,6 @@ function comments_template( $file = '/comments.php' ) { $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date"); } - get_currentuserinfo(); - define('COMMENTS_TEMPLATE', true); $include = apply_filters('comments_template', TEMPLATEPATH . $file ); if ( file_exists( $include ) ) diff --git a/wp-includes/functions-compat.php b/wp-includes/functions-compat.php index b2de8a98d9..1fc9c5bf7b 100644 --- a/wp-includes/functions-compat.php +++ b/wp-includes/functions-compat.php 
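Review bot: `current_user_can()` now takes its user from `wp_get_current_user()`, which returns the `$current_user` global after calling `get_currentuserinfo()`; in the pluggable-functions hunk of this patch that function returns `false` under `XMLRPC_REQUEST` before anything sets the global, so on that path `$current_user` can still be unset here and the capability call on the following (not visible) lines would run against a non-object. Either bail out when nothing comes back, `if ( empty($current_user) ) return false;`, or make `wp_get_current_user()` always hand back a `WP_User` (an anonymous `WP_User(0)` at minimum). The function body continues outside the hunk.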
@@ -97,4 +97,17 @@ if (!function_exists('array_change_key_case')) { } } +// From php.net +if(!function_exists('http_build_query')) { + function http_build_query( $formdata, $numeric_prefix = null, $key = null ) { + $res = array(); + foreach ((array)$formdata as $k=>$v) { + $tmp_key = urlencode(is_int($k) ? $numeric_prefix.$k : $k); + if ($key) $tmp_key = $key.'['.$tmp_key.']'; + $res[] = ( ( is_array($v) || is_object($v) ) ? http_build_query($v, null, $tmp_key) : $tmp_key."=".urlencode($v) ); + } + $separator = ini_get('arg_separator.output'); + return implode($separator, $res); + } +} ?> diff --git a/wp-includes/functions.php b/wp-includes/functions.php index 3c0578730b..9387ebbda2 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -305,10 +305,10 @@ function get_option($option) { } function get_user_option( $option, $user = 0 ) { - global $wpdb, $current_user; + global $wpdb; if ( empty($user) ) - $user = $current_user; + $user = wp_get_current_user(); else $user = get_userdata($user); @@ -1147,6 +1147,28 @@ function setup_postdata($post) { return true; } +// Setup global user vars. Used by set_current_user() for back compat. +function setup_userdata($user_id = '') { + global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity; + + if ( '' == $user_id ) + $user = wp_get_current_user(); + else + $user = new WP_User($user_id); + + if ( 0 == $user->ID ) + return; + + $userdata = $user->data; + $user_login = $user->user_login; + $user_level = $user->user_level; + $user_ID = $user->ID; + $user_email = $user->user_email; + $user_url = $user->user_url; + $user_pass_md5 = md5($user->user_pass); + $user_identity = $user->display_name; +} + function is_new_day() { global $day, $previousday; if ( $day != $previousday ) { 
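Review bot: `setup_userdata()` returns early when the resolved user has `ID == 0` and leaves `$user_login`, `$user_level`, `$user_ID`, `$user_pass_md5` and the other globals untouched, so after `wp_set_current_user()` switches from a real account to the anonymous user the previous account's values, including its level and password hash, stay visible to legacy code that reads those globals. Clear them before returning, e.g. `$user_ID = 0; $user_level = 0; $userdata = null;` and `$user_login = $user_email = $user_url = $user_pass_md5 = $user_identity = '';`. The `'' == $user_id` test is also loose, so an explicit `setup_userdata(0)` is indistinguishable from the no-argument form and resolves to the current user; `'' === $user_id` expresses "no id supplied" exactly. The function is complete within the hunk.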
@@ -2288,4 +2310,12 @@ function get_num_queries() { return $wpdb->num_queries; } +function wp_nonce_url($actionurl, $action = -1) { + return add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl); +} + +function wp_nonce_field($action = -1) { + echo ''; +} + ?> diff --git a/wp-includes/kses.php b/wp-includes/kses.php index a0bdf2c8da..97bed209a5 100644 --- a/wp-includes/kses.php +++ b/wp-includes/kses.php @@ -528,16 +528,11 @@ function kses_init_filters() { } function kses_init() { - global $current_user; - remove_filter('pre_comment_author', 'wp_filter_kses'); remove_filter('pre_comment_content', 'wp_filter_kses'); remove_filter('content_save_pre', 'wp_filter_post_kses'); remove_filter('title_save_pre', 'wp_filter_kses'); - if (! defined('XMLRPC_REQUEST') ) - get_currentuserinfo(); - if (current_user_can('unfiltered_html') == false) kses_init_filters(); } diff --git a/wp-includes/pluggable-functions.php b/wp-includes/pluggable-functions.php index 546fd6e955..8528ba8e13 100644 --- a/wp-includes/pluggable-functions.php +++ b/wp-includes/pluggable-functions.php 
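Review bot: `wp_nonce_url()` and `wp_nonce_field()` arrive without documentation, and the `$action = -1` default is the part that needs it: every caller that omits the action shares one nonce, so the token then proves only that the request came from a page this user loaded, not which operation was intended. A header comment such as `// Append a _wpnonce query arg for $action to $actionurl; pass a specific action, the -1 default yields one nonce shared by all default callers` on the first, and `// Echo a hidden _wpnonce input for $action; verified by check_admin_referer($action)` on the second, would tell plugin authors what the argument buys them. Both helpers are complete within the hunk.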
@@ -5,21 +5,20 @@ if ( !function_exists('set_current_user') ) : function set_current_user($id, $name = '') { - global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user; + return wp_set_current_user($id, $name); +} +endif; - $current_user = ''; +if ( !function_exists('wp_set_current_user') ) : +function wp_set_current_user($id, $name = '') { + global $current_user; - $current_user = new WP_User($id, $name); + if ( isset($current_user) && ($id == $current_user->ID) ) + return $current_user; - $userdata = get_userdatabylogin($user_login); + $current_user = new WP_User($id, $name); - $user_login = $userdata->user_login; - $user_level = $userdata->user_level; - $user_ID = $userdata->ID; - $user_email = $userdata->user_email; - $user_url = $userdata->user_url; - $user_pass_md5 = md5($userdata->user_pass); - $user_identity = $userdata->display_name; + setup_userdata($current_user->ID); do_action('set_current_user'); 
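Review bot: The shortcut `if ( isset($current_user) && ($id == $current_user->ID) ) return $current_user;` ignores `$name` and compares loosely, so once an anonymous `WP_User(0)` is installed a later `wp_set_current_user(0, $login)`, which is exactly the call `get_currentuserinfo()` makes in the next hunk after a cookie login, returns the anonymous user instead of resolving `$login`, and a non-numeric `$id` compares equal to `0` under PHP's loose rules. Take the shortcut only when no name was given and the ids match strictly: `if ( isset($current_user) && '' == $name && (int) $id === (int) $current_user->ID )`. In this patch `get_currentuserinfo()` sidesteps the trap by returning whenever `$current_user` is already set, so the problem is latent rather than triggered today; the function continues outside the hunk.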
@@ -27,30 +26,34 @@ function set_current_user($id, $name = '') { } endif; +if ( !function_exists('current_user') ) : +function wp_get_current_user() { + global $current_user; + + get_currentuserinfo(); + + return $current_user; +} +endif; if ( !function_exists('get_currentuserinfo') ) : function get_currentuserinfo() { - global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user; + global $current_user; if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST ) return false; + if ( ! empty($current_user) ) + return; + if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) || !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) { - $current_user = new WP_User(0); + wp_set_current_user(0); return false; } - $user_login = $_COOKIE[USER_COOKIE]; - $userdata = get_userdatabylogin($user_login); - $user_level = $userdata->user_level; - $user_ID = $userdata->ID; - $user_email = $userdata->user_email; - $user_url = $userdata->user_url; - $user_pass_md5 = md5($userdata->user_pass); - $user_identity = $userdata->display_name; - if ( empty($current_user) ) - $current_user = new WP_User($user_ID); + $user_login = $_COOKIE[USER_COOKIE]; + wp_set_current_user(0, $user_login); } endif; @@ -201,10 +204,11 @@ endif; if ( !function_exists('is_user_logged_in') ) : function is_user_logged_in() { - global $current_user; + $user = wp_get_current_user(); - if ( $current_user->id == 0 ) + if ( $user->id == 0 ) return false; + return true; } endif; 
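Review bot: The guard on the new accessor checks the wrong name: `if ( !function_exists('current_user') ) :` wraps `function wp_get_current_user()`, so a plugin defining `wp_get_current_user()` would hit a redeclaration fatal instead of overriding it, and a plugin defining an unrelated `current_user()` would silently suppress the core definition; change it to `if ( !function_exists('wp_get_current_user') ) :`. In `get_currentuserinfo`, the XML-RPC branch still returns false without ever calling `wp_set_current_user`, so `wp_get_current_user()` hands back whatever `$current_user` holds (unset on a fresh request) and the new callers in this commit (`is_user_logged_in`, `wp_verify_nonce`) dereference `->id` on it; calling `wp_set_current_user(0);` before that `return false;` would give them the anonymous user instead. The bare `return;` on the cached path also differs from the `return false` used by the other exits; pick one.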
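Review bot: `is_user_logged_in` reads `$user->id`, while `wp_set_current_user` in the first hunk compares `$current_user->ID`; WP_User is not on this page, so whether both spellings resolve cannot be verified from here, but the two call sites should agree. If `wp_get_current_user()` yields no object (the XML-RPC path above), `$user->id` raises a notice and the loose `== 0` only happens to return false; `return ! empty($user->id);` gives the same answer for a real user and is quiet for a missing one.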
@@ -224,14 +228,34 @@ function auth_redirect() { endif; if ( !function_exists('check_admin_referer') ) : -function check_admin_referer() { +function check_admin_referer($action = -1) { + global $pagenow; $adminurl = strtolower(get_settings('siteurl')).'/wp-admin'; $referer = strtolower($_SERVER['HTTP_REFERER']); - if (!strstr($referer, $adminurl)) - die(__('Sorry, you need to enable sending referrers for this feature to work.')); + if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) ) { + $html = "\n\n\n"; + $html .= "\n\t" . __('WordPress Confirmation') . "\n"; + $html .= "\n\n"; + if ( $_POST ) { + $q = http_build_query($_POST); + $q = explode( ini_get('arg_separator.output'), $q); + $html .= "\t\n"; + foreach ( (array) $q as $a ) { + $v = substr(strstr($a, '='), 1); + $k = substr($a, 0, -(strlen($v)+1)); + $html .= "\t\t\n"; + } + $html .= "\t\t\n"; + $html .= "\t\t

" . __('Are you sure you want to do this?') . "

\n\t\t

No

\n\t\n"; + } else { + $html .= "\t

" . __('Are you sure you want to do this?') . "

\n\t\t

No " . __('Yes') . "

\n"; + } + $html .= "\n"; + + die($html); + } do_action('check_admin_referer'); -} -endif; +}endif; if ( !function_exists('check_ajax_referer') ) : function check_ajax_referer() { @@ -263,6 +287,16 @@ function wp_redirect($location) { } endif; +if ( !function_exists('wp_get_cookie_login') ): +function wp_get_cookie_login() { + if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ) + return false; + + return array('login' => $_COOKIE[USER_COOKIE], 'password' => $_COOKIE[PASS_COOKIE]); +} + +endif; + if ( !function_exists('wp_setcookie') ) : function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) { if ( !$already_md5 ) @@ -444,4 +478,29 @@ function wp_new_user_notification($user_id, $plaintext_pass = '') { } endif; +if ( !function_exists('wp_verify_nonce') ) : +function wp_verify_nonce($nonce, $action = -1) { + $user = wp_get_current_user(); + $uid = $user->id; + + $i = ceil(time() / 43200); + + //Allow for expanding range, but only do one check if we can + if( substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) == $nonce || substr(md5(($i - 1) . DB_PASSWORD . $action . $uid), -12, 10) == $nonce ) + return true; + return false; +} +endif; + +if ( !function_exists('wp_create_nonce') ) : +function wp_create_nonce($action = -1) { + $user = wp_get_current_user(); + $uid = $user->id; + + $i = ceil(time() / 43200); + + return substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10); +} +endif; + ?> diff --git a/wp-includes/registration-functions.php b/wp-includes/registration-functions.php index ff9db3d226..41f479769f 100644 --- a/wp-includes/registration-functions.php +++ b/wp-includes/registration-functions.php @@ -93,7 +93,7 @@ function wp_insert_user($userdata) { } function wp_update_user($userdata) { - global $wpdb, $current_user; + global $wpdb; $ID = (int) $userdata['ID']; 
@@ -114,6 +114,7 @@ function wp_update_user($userdata) { $user_id = wp_insert_user($userdata); // Update the cookies if the password changed. + $current_user = wp_get_current_user(); if( $current_user->id == $ID ) { if ( isset($plaintext_pass) ) { wp_clearcookie(); diff --git a/wp-includes/template-functions-general.php b/wp-includes/template-functions-general.php index fd05904319..42ef3a2143 100644 --- a/wp-includes/template-functions-general.php +++ b/wp-includes/template-functions-general.php @@ -27,10 +27,7 @@ function get_sidebar() { function wp_loginout() { - global $user_ID; - get_currentuserinfo(); - - if ('' == $user_ID) + if ( ! is_user_logged_in() ) $link = '' . __('Login') . ''; else $link = '' . __('Logout') . ''; @@ -40,16 +37,15 @@ function wp_loginout() { function wp_register( $before = '
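Review bot: `$current_user = wp_get_current_user();` runs only after `wp_insert_user($userdata)` has written the new password; if nothing earlier in the request resolved the current user, `get_currentuserinfo()` (pluggable-functions hunk above) will now validate the cookie via `wp_login` against the already-updated password, presumably fail, set user 0, and the cookie refresh guarded by `$current_user->id == $ID` is skipped, leaving the user with a stale cookie. Resolving the user before the write — placing that line above `$user_id = wp_insert_user($userdata);` — removes the ordering dependency. The enclosing function continues beyond this hunk.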
  • ', $after = '
  • ' ) { - global $user_ID; - get_currentuserinfo(); - - if ( '' == $user_ID && get_settings('users_can_register') ) - $link = $before . '' . __('Register') . '' . $after; - elseif ( '' == $user_ID && !get_settings('users_can_register') ) - $link = ''; - else + if ( ! is_user_logged_in() ) { + if ( get_settings('users_can_register') ) + $link = $before . '' . __('Register') . '' . $after; + else + $link = ''; + } else { $link = $before . '' . __('Site Admin') . '' . $after; + } echo apply_filters('register', $link); } diff --git a/wp-login.php b/wp-login.php index 0864edbd07..964e59b764 100644 --- a/wp-login.php +++ b/wp-login.php @@ -177,12 +177,12 @@ default: $user_login = sanitize_user( $user_login ); $user_pass = $_POST['pwd']; $rememberme = $_POST['rememberme']; - } elseif ( !empty($_COOKIE) ) { - if ( !empty($_COOKIE[USER_COOKIE]) ) - $user_login = $_COOKIE[USER_COOKIE]; - if ( !empty($_COOKIE[PASS_COOKIE]) ) { - $user_pass = $_COOKIE[PASS_COOKIE]; + } else { + $cookie_login = wp_get_cookie_login(); + if ( ! empty($cookie_login) ) { $using_cookie = true; + $user_login = $cookie_login['login']; + $user_pass = $cookie_login['password']; } }