From 89fe7ce543e4a08afe1332ee2cb8a16928653b17 Mon Sep 17 00:00:00 2001
From: ryan
Date: Tue, 2 May 2006 22:08:34 +0000
Subject: [PATCH] nonce functions. #2678

git-svn-id: http://svn.automattic.com/wordpress/trunk@3758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/functions-compat.php | 13 +++++++
 wp-includes/functions.php | 8 +++++
 wp-includes/pluggable-functions.php | 55 ++++++++++++++++++++++++++---
 3 files changed, 71 insertions(+), 5 deletions(-)

diff --git a/wp-includes/functions-compat.php b/wp-includes/functions-compat.php
index 7921909223..1351d75eb7 100644
--- a/wp-includes/functions-compat.php
+++ b/wp-includes/functions-compat.php
@@ -98,4 +98,17 @@ if (!function_exists('array_change_key_case')) {
 }
 }
 
+// From php.net
+if(!function_exists('http_build_query')) {
+ function http_build_query( $formdata, $numeric_prefix = null, $key = null ) {
+ $res = array();
+ foreach ((array)$formdata as $k=>$v) {
+ $tmp_key = urlencode(is_int($k) ? $numeric_prefix.$k : $k);
+ if ($key) $tmp_key = $key.'['.$tmp_key.']';
+ $res[] = ( ( is_array($v) || is_object($v) ) ? http_build_query($v, null, $tmp_key) : $tmp_key."=".urlencode($v) );
+ }
+ $separator = ini_get('arg_separator.output');
+ return implode($separator, $res);
+ }
+}
 ?>
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 1a2c890bc8..e003d8d8ee 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1663,4 +1663,12 @@ function is_blog_installed() {
 return $installed;
 }
 
+function wp_nonce_url($actionurl, $action = -1) {
+ return add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl);
+}
+
+function wp_nonce_field($action = -1) {
+ echo '';
+}
+
 ?>
diff --git a/wp-includes/pluggable-functions.php b/wp-includes/pluggable-functions.php
index 6983ef7378..5f259b80d7 100644
--- a/wp-includes/pluggable-functions.php
+++ b/wp-includes/pluggable-functions.php
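Review bot: The `if ($key)` test in the http_build_query fallback treats a prefix of "0" as absent, so a nested array stored under numeric key 0 (its prefix is `$numeric_prefix.$k`, i.e. "0" when no prefix is given) is emitted without its `0[...]` wrapper, unlike the native function; the check should be `if ($key !== null) $tmp_key = $key.'['.$tmp_key.']';`. The separator is read from the `arg_separator.output` ini setting, which varies per host; check_admin_referer in the same commit explodes on the same setting, so the two agree, but any later caller that splits the result on a literal `&` will break where that setting differs. A header comment stating that this block only runs when the native function is missing and mirrors its three-argument signature would help the next maintainer.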
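Review bot: wp_nonce_field's `echo ''` is not legible in this rendering — as shown it emits an empty string, which would leave forms without the `_wpnonce` field that check_admin_referer now requires; confirm it prints a hidden input named `_wpnonce` whose value is `wp_create_nonce($action)`, the same parameter name wp_nonce_url passes to add_query_arg. Both helpers default `$action` to -1, as do wp_create_nonce and wp_verify_nonce, so a caller that omits the action obtains a token that every other check omitting the action also accepts, which collapses per-operation protection into one per-user token. The docblocks should state this, e.g. `/** Appends a _wpnonce query arg to $actionurl; pass a distinct $action per operation — the -1 default is shared by every caller that omits it. */`.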
@@ -228,14 +228,34 @@ function auth_redirect() {
 endif;
 
 if ( !function_exists('check_admin_referer') ) :
-function check_admin_referer() {
+function check_admin_referer($action = -1) {
+ global $pagenow;
 $adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
 $referer = strtolower($_SERVER['HTTP_REFERER']);
- if (!strstr($referer, $adminurl))
- die(__('Sorry, you need to enable sending referrers for this feature to work.'));
+ if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) ) {
+ $html = "\n\n\n";
+ $html .= "\n\t" . __('WordPress Confirmation') . "\n";
+ $html .= "\n\n";
+ if ( $_POST ) {
+ $q = http_build_query($_POST);
+ $q = explode( ini_get('arg_separator.output'), $q);
+ $html .= "\t
\n";
+ foreach ( (array) $q as $a ) {
+ $v = substr(strstr($a, '='), 1);
+ $k = substr($a, 0, -(strlen($v)+1));
+ $html .= "\t\t\n";
+ }
+ $html .= "\t\t\n";
+ $html .= "\t\t

" . __('Are you sure you want to do this?') . "

\n\t\t

No

\n\t
\n";
+ } else {
+ $html .= "\t

" . __('Are you sure you want to do this?') . "

\n\t\t

No " . __('Yes') . "

\n";
+ }
+ $html .= "\n";
+
+ die($html);
+ }
 do_action('check_admin_referer');
-}
-endif;
+}endif;
 
 if ( !function_exists('check_ajax_referer') ) :
 function check_ajax_referer() {
@@ -460,4 +480,29 @@ function wp_new_user_notification($user_id, $plaintext_pass = '') {
 }
 endif;
 
+if ( !function_exists('wp_verify_nonce') ) :
+function wp_verify_nonce($nonce, $action = -1) {
+ $user = wp_get_current_user();
+ $uid = $user->id;
+
+ $i = ceil(time() / 43200);
+
+ //Allow for expanding range, but only do one check if we can
+ if( substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) == $nonce || substr(md5(($i - 1) . DB_PASSWORD . $action . $uid), -12, 10) == $nonce )
+ return true;
+ return false;
+}
+endif;
+
+if ( !function_exists('wp_create_nonce') ) :
+function wp_create_nonce($action = -1) {
+ $user = wp_get_current_user();
+ $uid = $user->id;
+
+ $i = ceil(time() / 43200);
+
+ return substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10);
+}
+endif;
+
 ?>
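Review bot: `$adminurl` and `$referer`, the two context lines right after the new signature, are now computed but never read, because the `strstr()` referer check they fed was removed; either drop them or keep the referer test as a second signal alongside the nonce. `$_REQUEST['_wpnonce']` is read without `isset()`, so a request lacking the field raises a notice before wp_verify_nonce rejects it: `if ( !wp_verify_nonce(isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '', $action) ) {`. The line inside the `foreach` that re-emits each `$k`/`$v` as a hidden input is not legible in this rendering; since `$_POST` is attacker-controlled, both must go through `htmlspecialchars()` before being placed in an attribute, otherwise a posted value containing a quote escapes the attribute in the confirmation page. The new `+}endif;` merges the closing brace and `endif;` that the removed lines kept on separate lines; keeping them separate matches the surrounding pluggable-function blocks.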
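Review bot: wp_verify_nonce compares the submitted `$nonce` with `==`, and that value arrives from `$_REQUEST`; PHP's loose comparison treats two numeric-looking strings numerically, so a 10-hex-digit digest that happens to consist of digits (or a `0e…` form) can be matched by a different submitted string. Use strict comparison on both branches, `substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) === $nonce`, and a constant-time compare where the runtime offers one. The digest input concatenates `$i`, `DB_PASSWORD`, `$action` and `$uid` with no delimiter, so different (action, uid) pairs can yield the same preimage; join the parts with a separator in both wp_create_nonce and wp_verify_nonce. DB_PASSWORD is the only secret in the construction, so a blank or weak database password makes every nonce computable from public values; a dedicated nonce salt would decouple the two. The `ceil(time() / 43200)` tick plus the previous tick gives each nonce a 12–24 hour lifetime depending on when it was issued, which is worth stating in a comment above wp_create_nonce.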