Extra protection in check_ajax_referer from mdawaffe. fixes #4939
git-svn-id: https://develop.svn.wordpress.org/trunk@6138 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
6e8eb02d73
commit
6406e9bbeb
|
@ -349,6 +349,12 @@ function check_admin_referer($action = -1) {
|
|||
|
||||
if ( !function_exists('check_ajax_referer') ) :
|
||||
function check_ajax_referer() {
|
||||
$current_name = '';
|
||||
if ( ( $current = wp_get_current_user() ) && $current->ID )
|
||||
$current_name = $current->data->user_login;
|
||||
if ( !$current_name )
|
||||
die('-1');
|
||||
|
||||
$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
|
||||
foreach ( $cookie as $tasty ) {
|
||||
if ( false !== strpos($tasty, USER_COOKIE) )
|
||||
|
@ -356,7 +362,8 @@ function check_ajax_referer() {
|
|||
if ( false !== strpos($tasty, PASS_COOKIE) )
|
||||
$pass = substr(strstr($tasty, '='), 1);
|
||||
}
|
||||
if ( !wp_login( $user, $pass, true ) )
|
||||
|
||||
if ( $current_name != $user || !wp_login( $user, $pass, true ) )
|
||||
die('-1');
|
||||
do_action('check_ajax_referer');
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue