nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@5039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
8772cbfa13
commit
95df22248d
|
@ -25,14 +25,20 @@ $comment_content = trim($_POST['comment']);
|
|||
|
||||
// If the user is logged in
|
||||
$user = wp_get_current_user();
|
||||
if ( $user->ID ) :
|
||||
if ( $user->ID ) {
|
||||
$comment_author = $wpdb->escape($user->display_name);
|
||||
$comment_author_email = $wpdb->escape($user->user_email);
|
||||
$comment_author_url = $wpdb->escape($user->user_url);
|
||||
else :
|
||||
if ( current_user_can('unfiltered_html') ) {
|
||||
if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
|
||||
kses_remove_filters(); // start with a clean slate
|
||||
kses_init_filters(); // set up the filters
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if ( get_option('comment_registration') )
|
||||
wp_die( __('Sorry, you must be logged in to post a comment.') );
|
||||
endif;
|
||||
}
|
||||
|
||||
$comment_type = '';
|
||||
|
||||
|
|
|
@ -271,6 +271,12 @@ function pings_open() {
|
|||
return false;
|
||||
}
|
||||
|
||||
function wp_comment_form_unfiltered_html_nonce() {
|
||||
global $post;
|
||||
if ( current_user_can('unfiltered_html') )
|
||||
wp_nonce_field('unfiltered-html-comment_' . $post->ID, '_wp_unfiltered_html_comment', false);
|
||||
}
|
||||
|
||||
function comments_template( $file = '/comments.php' ) {
|
||||
global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;
|
||||
|
||||
|
|
|
@ -31,6 +31,8 @@ add_filter('pre_comment_author_name', 'wp_filter_kses');
|
|||
add_filter('pre_comment_author_email', 'wp_filter_kses');
|
||||
add_filter('pre_comment_author_url', 'wp_filter_kses');
|
||||
|
||||
add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce');
|
||||
|
||||
// Default filters for these functions
|
||||
add_filter('comment_author', 'wptexturize');
|
||||
add_filter('comment_author', 'convert_chars');
|
||||
|
|
|
@ -1000,9 +1000,11 @@ function wp_nonce_url($actionurl, $action = -1) {
|
|||
return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl));
|
||||
}
|
||||
|
||||
function wp_nonce_field($action = -1) {
|
||||
echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
|
||||
wp_referer_field();
|
||||
function wp_nonce_field($action = -1, $name = "_wpnonce", $referer = true) {
|
||||
$name = attribute_escape($name);
|
||||
echo '<input type="hidden" name="' . $name . '" value="' . wp_create_nonce($action) . '" />';
|
||||
if ( $referer )
|
||||
wp_referer_field();
|
||||
}
|
||||
|
||||
function wp_referer_field() {
|
||||
|
|
Loading…
Reference in New Issue