nonce functions. #2678
git-svn-id: http://svn.automattic.com/wordpress/trunk@3758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
1008282133
commit
89fe7ce543
|
@ -98,4 +98,17 @@ if (!function_exists('array_change_key_case')) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// From php.net
|
||||||
|
if(!function_exists('http_build_query')) {
|
||||||
|
function http_build_query( $formdata, $numeric_prefix = null, $key = null ) {
|
||||||
|
$res = array();
|
||||||
|
foreach ((array)$formdata as $k=>$v) {
|
||||||
|
$tmp_key = urlencode(is_int($k) ? $numeric_prefix.$k : $k);
|
||||||
|
if ($key) $tmp_key = $key.'['.$tmp_key.']';
|
||||||
|
$res[] = ( ( is_array($v) || is_object($v) ) ? http_build_query($v, null, $tmp_key) : $tmp_key."=".urlencode($v) );
|
||||||
|
}
|
||||||
|
$separator = ini_get('arg_separator.output');
|
||||||
|
return implode($separator, $res);
|
||||||
|
}
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -1663,4 +1663,12 @@ function is_blog_installed() {
|
||||||
return $installed;
|
return $installed;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function wp_nonce_url($actionurl, $action = -1) {
|
||||||
|
return add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl);
|
||||||
|
}
|
||||||
|
|
||||||
|
function wp_nonce_field($action = -1) {
|
||||||
|
echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -228,14 +228,34 @@ function auth_redirect() {
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
if ( !function_exists('check_admin_referer') ) :
|
if ( !function_exists('check_admin_referer') ) :
|
||||||
function check_admin_referer() {
|
function check_admin_referer($action = -1) {
|
||||||
|
global $pagenow;
|
||||||
$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
|
$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
|
||||||
$referer = strtolower($_SERVER['HTTP_REFERER']);
|
$referer = strtolower($_SERVER['HTTP_REFERER']);
|
||||||
if (!strstr($referer, $adminurl))
|
if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) ) {
|
||||||
die(__('Sorry, you need to <a href="http://codex.wordpress.org/Enable_Sending_Referrers">enable sending referrers</a> for this feature to work.'));
|
$html = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n";
|
||||||
do_action('check_admin_referer');
|
$html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";
|
||||||
|
$html .= "</head>\n<body>\n";
|
||||||
|
if ( $_POST ) {
|
||||||
|
$q = http_build_query($_POST);
|
||||||
|
$q = explode( ini_get('arg_separator.output'), $q);
|
||||||
|
$html .= "\t<form method='post' action='$pagenow'>\n";
|
||||||
|
foreach ( (array) $q as $a ) {
|
||||||
|
$v = substr(strstr($a, '='), 1);
|
||||||
|
$k = substr($a, 0, -(strlen($v)+1));
|
||||||
|
$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
|
||||||
}
|
}
|
||||||
endif;
|
$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
|
||||||
|
$html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n";
|
||||||
|
} else {
|
||||||
|
$html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n";
|
||||||
|
}
|
||||||
|
$html .= "</body>\n</html>";
|
||||||
|
|
||||||
|
die($html);
|
||||||
|
}
|
||||||
|
do_action('check_admin_referer');
|
||||||
|
}endif;
|
||||||
|
|
||||||
if ( !function_exists('check_ajax_referer') ) :
|
if ( !function_exists('check_ajax_referer') ) :
|
||||||
function check_ajax_referer() {
|
function check_ajax_referer() {
|
||||||
|
@ -460,4 +480,29 @@ function wp_new_user_notification($user_id, $plaintext_pass = '') {
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
|
if ( !function_exists('wp_verify_nonce') ) :
|
||||||
|
function wp_verify_nonce($nonce, $action = -1) {
|
||||||
|
$user = wp_get_current_user();
|
||||||
|
$uid = $user->id;
|
||||||
|
|
||||||
|
$i = ceil(time() / 43200);
|
||||||
|
|
||||||
|
//Allow for expanding range, but only do one check if we can
|
||||||
|
if( substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) == $nonce || substr(md5(($i - 1) . DB_PASSWORD . $action . $uid), -12, 10) == $nonce )
|
||||||
|
return true;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
endif;
|
||||||
|
|
||||||
|
if ( !function_exists('wp_create_nonce') ) :
|
||||||
|
function wp_create_nonce($action = -1) {
|
||||||
|
$user = wp_get_current_user();
|
||||||
|
$uid = $user->id;
|
||||||
|
|
||||||
|
$i = ceil(time() / 43200);
|
||||||
|
|
||||||
|
return substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10);
|
||||||
|
}
|
||||||
|
endif;
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
Loading…
Reference in New Issue