From 8a556e5e48b170fffa0aa414f9078911429a575d Mon Sep 17 00:00:00 2001
From: ryan
Date: Mon, 17 Dec 2007 21:12:28 +0000
Subject: [PATCH] Fix AJAX cookie validation. see #5367
git-svn-id: http://svn.automattic.com/wordpress/trunk@6400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index ba7474a2fa..f81fc21f92 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -433,10 +433,10 @@ if ( !function_exists('check_ajax_referer') ) :
 function check_ajax_referer( $action = -1 ) {
 	$nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
 	if ( !wp_verify_nonce( $nonce, $action ) ) {
-		$current_name = '';
+		$current_id = '';
 		if ( ( $current = wp_get_current_user() ) && $current->ID )
-			$current_name = $current->user_login;
-		if ( !$current_name )
+			$current_id = $current->ID;
+		if ( !$current_id )
 			die('-1');
 		$auth_cookie = '';
@@ -446,7 +446,13 @@ function check_ajax_referer( $action = -1 ) {
 			$auth_cookie = substr(strstr($tasty, '='), 1);
 		}
-		if ( $current_name != $user || empty($auth_cookie) || !wp_validate_auth_cookie( $auth_cookie ) )
+		if ( empty($auth_cookie) )
+			die('-1');
+		if ( ! $user_id = wp_validate_auth_cookie( $auth_cookie ) )
+			die('-1');
+		if ( $current_id != $user_id )
 			die('-1');
 	}
 	do_action('check_ajax_referer');
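Review bot: The three new checks at the end of the second hunk let a request whose nonce failed through whenever the replayed auth cookie validates to the current user, so the CSRF guarantee now rests entirely on where `$auth_cookie` was read from, and that read (the `$tasty` loop) begins above the hunk and is not visible here. If the value is taken from a request parameter the client copied out of `document.cookie`, a cross-site attacker cannot supply it and the fallback holds; if it is ever sourced from `$_COOKIE`, the browser attaches it automatically and the nonce check becomes optional for any logged-in victim, so I would pin that invariant beside the new code with `// Fallback: the auth cookie must be replayed in the request body (never read from $_COOKIE) so it stands in for the CSRF nonce.` Separately, `wp_validate_auth_cookie()` returning `false` is already rejected by the `! $user_id =` test, so the final comparison can be tightened to `if ( (int) $current_id !== (int) $user_id )` to avoid loose-comparison surprises between the string-initialised `$current_id` and whatever type the validator returns. check_ajax_referer() starts in the first hunk and its closing brace lies past the end of the second.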