Fix AJAX cookie validation. see #5367

git-svn-id: http://svn.automattic.com/wordpress/trunk@6400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-12-17 21:12:28 +00:00
parent 9bca1574ca
commit 8a556e5e48
1 changed files with 10 additions and 4 deletions

View File

@ -433,10 +433,10 @@ if ( !function_exists('check_ajax_referer') ) :
function check_ajax_referer( $action = -1 ) { function check_ajax_referer( $action = -1 ) {
$nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce']; $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
if ( !wp_verify_nonce( $nonce, $action ) ) { if ( !wp_verify_nonce( $nonce, $action ) ) {
$current_name = ''; $current_id = '';
if ( ( $current = wp_get_current_user() ) && $current->ID ) if ( ( $current = wp_get_current_user() ) && $current->ID )
$current_name = $current->user_login; $current_id = $current->ID;
if ( !$current_name ) if ( !$current_id )
die('-1'); die('-1');
$auth_cookie = ''; $auth_cookie = '';
@ -446,7 +446,13 @@ function check_ajax_referer( $action = -1 ) {
$auth_cookie = substr(strstr($tasty, '='), 1); $auth_cookie = substr(strstr($tasty, '='), 1);
} }
if ( $current_name != $user || empty($auth_cookie) || !wp_validate_auth_cookie( $auth_cookie ) ) if ( empty($auth_cookie) )
die('-1');
if ( ! $user_id = wp_validate_auth_cookie( $auth_cookie ) )
die('-1');
if ( $current_id != $user_id )
die('-1'); die('-1');
} }
do_action('check_ajax_referer'); do_action('check_ajax_referer');