Remove cookie checking from check_ajax_referer(). Check nonces instead. Props mdawaffe. fixes #5782
git-svn-id: http://svn.automattic.com/wordpress/trunk@6739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
6c312db33c
commit
7b946b9007
|
@ -467,7 +467,7 @@ case 'add-user' :
|
||||||
$x->send();
|
$x->send();
|
||||||
break;
|
break;
|
||||||
case 'autosave' : // The name of this action is hardcoded in edit_post()
|
case 'autosave' : // The name of this action is hardcoded in edit_post()
|
||||||
check_ajax_referer( $action );
|
check_ajax_referer( 'autosave', 'autosavenonce' );
|
||||||
$_POST['post_content'] = $_POST['content'];
|
$_POST['post_content'] = $_POST['content'];
|
||||||
$_POST['post_excerpt'] = $_POST['excerpt'];
|
$_POST['post_excerpt'] = $_POST['excerpt'];
|
||||||
$_POST['post_status'] = 'draft';
|
$_POST['post_status'] = 'draft';
|
||||||
|
@ -499,7 +499,7 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
|
||||||
die('0');
|
die('0');
|
||||||
break;
|
break;
|
||||||
case 'autosave-generate-nonces' :
|
case 'autosave-generate-nonces' :
|
||||||
check_ajax_referer( $action );
|
check_ajax_referer( 'autosave', 'autosavenonce' );
|
||||||
$ID = (int) $_POST['post_ID'];
|
$ID = (int) $_POST['post_ID'];
|
||||||
if($_POST['post_type'] == 'post') {
|
if($_POST['post_type'] == 'post') {
|
||||||
if(current_user_can('edit_post', $ID))
|
if(current_user_can('edit_post', $ID))
|
||||||
|
|
|
@ -88,6 +88,7 @@ addLoadEvent(focusit);
|
||||||
<div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea">
|
<div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea">
|
||||||
<h3><?php _e('Post') ?></h3>
|
<h3><?php _e('Post') ?></h3>
|
||||||
<?php the_editor($post->post_content); ?>
|
<?php the_editor($post->post_content); ?>
|
||||||
|
<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<?php echo $form_pingback ?>
|
<?php echo $form_pingback ?>
|
||||||
|
|
|
@ -39,6 +39,7 @@ addLoadEvent(focusit);
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<div><textarea rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content"><?php echo $post->post_content ?></textarea></div>
|
<div><textarea rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content"><?php echo $post->post_content ?></textarea></div>
|
||||||
|
<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -56,6 +56,7 @@ addLoadEvent(focusit);
|
||||||
<div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea">
|
<div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea">
|
||||||
<h3><?php _e('Page') ?></h3>
|
<h3><?php _e('Page') ?></h3>
|
||||||
<?php the_editor($post->post_content); ?>
|
<?php the_editor($post->post_content); ?>
|
||||||
|
<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div id="submitpost">
|
<div id="submitpost">
|
||||||
|
|
|
@ -36,7 +36,7 @@ function autosave_update_post_ID(response) {
|
||||||
jQuery.post(autosaveL10n.requestFile, {
|
jQuery.post(autosaveL10n.requestFile, {
|
||||||
action: "autosave-generate-nonces",
|
action: "autosave-generate-nonces",
|
||||||
post_ID: res,
|
post_ID: res,
|
||||||
cookie: document.cookie,
|
autosavenonce: jQuery('#autosavenonce').val(),
|
||||||
post_type: jQuery('#post_type').val()
|
post_type: jQuery('#post_type').val()
|
||||||
}, function(html) {
|
}, function(html) {
|
||||||
jQuery('#_wpnonce').val(html);
|
jQuery('#_wpnonce').val(html);
|
||||||
|
@ -87,7 +87,7 @@ function autosave() {
|
||||||
action: "autosave",
|
action: "autosave",
|
||||||
post_ID: jQuery("#post_ID").val() || 0,
|
post_ID: jQuery("#post_ID").val() || 0,
|
||||||
post_title: jQuery("#title").val() || "",
|
post_title: jQuery("#title").val() || "",
|
||||||
cookie: document.cookie,
|
autosavenonce: jQuery('#autosavenonce').val(),
|
||||||
tags_input: jQuery("#tags-input").val() || "",
|
tags_input: jQuery("#tags-input").val() || "",
|
||||||
post_type: jQuery('#post_type').val() || ""
|
post_type: jQuery('#post_type').val() || ""
|
||||||
};
|
};
|
||||||
|
@ -99,7 +99,7 @@ function autosave() {
|
||||||
tinyMCE.triggerSave();
|
tinyMCE.triggerSave();
|
||||||
}
|
}
|
||||||
|
|
||||||
post_data["content"] = jQuery("#content").val();
|
post_data["content"] = jQuery("#content").val();
|
||||||
|
|
||||||
if(post_data["post_title"].length==0 || post_data["content"].length==0 || post_data["post_title"] + post_data["content"] == autosaveLast) {
|
if(post_data["post_title"].length==0 || post_data["content"].length==0 || post_data["post_title"] + post_data["content"] == autosaveLast) {
|
||||||
return;
|
return;
|
||||||
|
|
|
@ -635,11 +635,12 @@ if ( !function_exists('check_admin_referer') ) :
|
||||||
* @uses do_action() Calls 'check_admin_referer' on $action.
|
* @uses do_action() Calls 'check_admin_referer' on $action.
|
||||||
*
|
*
|
||||||
* @param string $action Action nonce
|
* @param string $action Action nonce
|
||||||
|
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
|
||||||
*/
|
*/
|
||||||
function check_admin_referer($action = -1) {
|
function check_admin_referer($action = -1, $query_arg = '_wpnonce' ) {
|
||||||
$adminurl = strtolower(get_option('siteurl')).'/wp-admin';
|
$adminurl = strtolower(get_option('siteurl')).'/wp-admin';
|
||||||
$referer = strtolower(wp_get_referer());
|
$referer = strtolower(wp_get_referer());
|
||||||
if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
|
if ( !wp_verify_nonce($_REQUEST[$query_arg], $action) &&
|
||||||
!(-1 == $action && strpos($referer, $adminurl) !== false)) {
|
!(-1 == $action && strpos($referer, $adminurl) !== false)) {
|
||||||
wp_nonce_ays($action);
|
wp_nonce_ays($action);
|
||||||
die();
|
die();
|
||||||
|
@ -654,34 +655,17 @@ if ( !function_exists('check_ajax_referer') ) :
|
||||||
* @since 2.0.4
|
* @since 2.0.4
|
||||||
*
|
*
|
||||||
* @param string $action Action nonce
|
* @param string $action Action nonce
|
||||||
|
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
|
||||||
*/
|
*/
|
||||||
function check_ajax_referer( $action = -1 ) {
|
function check_ajax_referer( $action = -1, $query_arg = false ) {
|
||||||
$nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
|
if ( $query_arg )
|
||||||
if ( !wp_verify_nonce( $nonce, $action ) ) {
|
$nonce = $_REQUEST[$query_arg];
|
||||||
$current_id = '';
|
else
|
||||||
if ( ( $current = wp_get_current_user() ) && $current->ID )
|
$nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
|
||||||
$current_id = $current->ID;
|
|
||||||
if ( !$current_id )
|
|
||||||
die('-1');
|
|
||||||
|
|
||||||
$auth_cookie = '';
|
if ( !wp_verify_nonce( $nonce, $action ) )
|
||||||
$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
|
die('-1');
|
||||||
foreach ( $cookie as $tasty ) {
|
|
||||||
if ( false !== strpos($tasty, AUTH_COOKIE . '=') ) {
|
|
||||||
$auth_cookie = substr(strstr($tasty, '='), 1);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( empty($auth_cookie) )
|
|
||||||
die('-1');
|
|
||||||
|
|
||||||
if ( ! $user_id = wp_validate_auth_cookie( $auth_cookie ) )
|
|
||||||
die('-1');
|
|
||||||
|
|
||||||
if ( $current_id != $user_id )
|
|
||||||
die('-1');
|
|
||||||
}
|
|
||||||
do_action('check_ajax_referer');
|
do_action('check_ajax_referer');
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
|
@ -37,7 +37,7 @@ class WP_Scripts {
|
||||||
|
|
||||||
$this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.6');
|
$this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.6');
|
||||||
|
|
||||||
$this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080104');
|
$this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080206');
|
||||||
$this->localize( 'autosave', 'autosaveL10n', array(
|
$this->localize( 'autosave', 'autosaveL10n', array(
|
||||||
'autosaveInterval' => apply_filters('autosave_interval', '120'),
|
'autosaveInterval' => apply_filters('autosave_interval', '120'),
|
||||||
'errorText' => __('Error: %response%'),
|
'errorText' => __('Error: %response%'),
|
||||||
|
|
Loading…
Reference in New Issue