Remove cookie checking from check_ajax_referer(). Check nonces instead. Props mdawaffe. fixes #5782
git-svn-id: http://svn.automattic.com/wordpress/trunk@6739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan
parent
6c312db33c
commit
7b946b9007
|
|
@ -467,7 +467,7 @@ case 'add-user' :
|
|||
$x->send();
|
||||
break;
|
||||
case 'autosave' : // The name of this action is hardcoded in edit_post()
|
||||
check_ajax_referer( $action );
|
||||
check_ajax_referer( 'autosave', 'autosavenonce' );
|
||||
$_POST['post_content'] = $_POST['content'];
|
||||
$_POST['post_excerpt'] = $_POST['excerpt'];
|
||||
$_POST['post_status'] = 'draft';
|
||||
|
|
@ -499,7 +499,7 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
|
|||
die('0');
|
||||
break;
|
||||
case 'autosave-generate-nonces' :
|
||||
check_ajax_referer( $action );
|
||||
check_ajax_referer( 'autosave', 'autosavenonce' );
|
||||
$ID = (int) $_POST['post_ID'];
|
||||
if($_POST['post_type'] == 'post') {
|
||||
if(current_user_can('edit_post', $ID))
|
||||
|
|
|
|||
|
|
@ -88,6 +88,7 @@ addLoadEvent(focusit);
|
|||
<div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea">
|
||||
<h3><?php _e('Post') ?></h3>
|
||||
<?php the_editor($post->post_content); ?>
|
||||
<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
|
||||
</div>
|
||||
|
||||
<?php echo $form_pingback ?>
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ addLoadEvent(focusit);
|
|||
}
|
||||
?>
|
||||
<div><textarea rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content"><?php echo $post->post_content ?></textarea></div>
|
||||
<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
|
||||
</fieldset>
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -56,6 +56,7 @@ addLoadEvent(focusit);
|
|||
<div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea">
|
||||
<h3><?php _e('Page') ?></h3>
|
||||
<?php the_editor($post->post_content); ?>
|
||||
<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
|
||||
</div>
|
||||
|
||||
<div id="submitpost">
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ function autosave_update_post_ID(response) {
|
|||
jQuery.post(autosaveL10n.requestFile, {
|
||||
action: "autosave-generate-nonces",
|
||||
post_ID: res,
|
||||
cookie: document.cookie,
|
||||
autosavenonce: jQuery('#autosavenonce').val(),
|
||||
post_type: jQuery('#post_type').val()
|
||||
}, function(html) {
|
||||
jQuery('#_wpnonce').val(html);
|
||||
|
|
@ -87,7 +87,7 @@ function autosave() {
|
|||
action: "autosave",
|
||||
post_ID: jQuery("#post_ID").val() || 0,
|
||||
post_title: jQuery("#title").val() || "",
|
||||
cookie: document.cookie,
|
||||
autosavenonce: jQuery('#autosavenonce').val(),
|
||||
tags_input: jQuery("#tags-input").val() || "",
|
||||
post_type: jQuery('#post_type').val() || ""
|
||||
};
|
||||
|
|
|
|||
|
|
@ -635,11 +635,12 @@ if ( !function_exists('check_admin_referer') ) :
|
|||
* @uses do_action() Calls 'check_admin_referer' on $action.
|
||||
*
|
||||
* @param string $action Action nonce
|
||||
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
|
||||
*/
|
||||
function check_admin_referer($action = -1) {
|
||||
function check_admin_referer($action = -1, $query_arg = '_wpnonce' ) {
|
||||
$adminurl = strtolower(get_option('siteurl')).'/wp-admin';
|
||||
$referer = strtolower(wp_get_referer());
|
||||
if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
|
||||
if ( !wp_verify_nonce($_REQUEST[$query_arg], $action) &&
|
||||
!(-1 == $action && strpos($referer, $adminurl) !== false)) {
|
||||
wp_nonce_ays($action);
|
||||
die();
|
||||
|
|
@ -654,34 +655,17 @@ if ( !function_exists('check_ajax_referer') ) :
|
|||
* @since 2.0.4
|
||||
*
|
||||
* @param string $action Action nonce
|
||||
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
|
||||
*/
|
||||
function check_ajax_referer( $action = -1 ) {
|
||||
function check_ajax_referer( $action = -1, $query_arg = false ) {
|
||||
if ( $query_arg )
|
||||
$nonce = $_REQUEST[$query_arg];
|
||||
else
|
||||
$nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
|
||||
if ( !wp_verify_nonce( $nonce, $action ) ) {
|
||||
$current_id = '';
|
||||
if ( ( $current = wp_get_current_user() ) && $current->ID )
|
||||
$current_id = $current->ID;
|
||||
if ( !$current_id )
|
||||
|
||||
if ( !wp_verify_nonce( $nonce, $action ) )
|
||||
die('-1');
|
||||
|
||||
$auth_cookie = '';
|
||||
$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
|
||||
foreach ( $cookie as $tasty ) {
|
||||
if ( false !== strpos($tasty, AUTH_COOKIE . '=') ) {
|
||||
$auth_cookie = substr(strstr($tasty, '='), 1);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if ( empty($auth_cookie) )
|
||||
die('-1');
|
||||
|
||||
if ( ! $user_id = wp_validate_auth_cookie( $auth_cookie ) )
|
||||
die('-1');
|
||||
|
||||
if ( $current_id != $user_id )
|
||||
die('-1');
|
||||
}
|
||||
do_action('check_ajax_referer');
|
||||
}
|
||||
endif;
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ class WP_Scripts {
|
|||
|
||||
$this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.6');
|
||||
|
||||
$this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080104');
|
||||
$this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080206');
|
||||
$this->localize( 'autosave', 'autosaveL10n', array(
|
||||
'autosaveInterval' => apply_filters('autosave_interval', '120'),
|
||||
'errorText' => __('Error: %response%'),
|
||||
|
|
|
|||
Loading…
Reference in New Issue