From 78a2c0f78152ab52047937daeba44a55ed71f64a Mon Sep 17 00:00:00 2001 From: Ryan Boren Date: Thu, 21 Aug 2008 00:08:25 +0000 Subject: [PATCH] Some cookie validation hooks. fixes #7440 git-svn-id: https://develop.svn.wordpress.org/trunk@8696 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-includes/pluggable.php | 72 ++++++++++++++++++++++++++++----------- 1 file changed, 52 insertions(+), 20 deletions(-) diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 7c820060db..eb8f47799a 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -485,25 +485,12 @@ if ( !function_exists('wp_validate_auth_cookie') ) : * @return bool|int False if invalid cookie, User ID if valid. */ function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') { - if ( empty($cookie) ) { - if ( is_ssl() ) { - $cookie_name = SECURE_AUTH_COOKIE; - $scheme = 'secure_auth'; - } else { - $cookie_name = AUTH_COOKIE; - $scheme = 'auth'; - } - - if ( empty($_COOKIE[$cookie_name]) ) - return false; - $cookie = $_COOKIE[$cookie_name]; + if ( ! $cookie_elements = wp_parse_auth_cookie($cookie, $scheme) ) { + do_action('auth_cookie_malformed', $cookie, $scheme); + return false; } - $cookie_elements = explode('|', $cookie); - if ( count($cookie_elements) != 3 ) - return false; - - list($username, $expiration, $hmac) = $cookie_elements; + extract($cookie_elements, EXTR_OVERWRITE); $expired = $expiration; @@ -512,18 +499,26 @@ function wp_validate_auth_cookie($cookie = '', $scheme = 'auth') { $expired += 3600; // Quick check to see if an honest cookie has expired - if ( $expired < time() ) + if ( $expired < time() ) { + do_action('auth_cookie_expired', $cookie_elements); return false; + } $key = wp_hash($username . '|' . $expiration, $scheme); $hash = hash_hmac('md5', $username . '|' . $expiration, $key); - if ( $hmac != $hash ) + if ( $hmac != $hash ) { + do_action('auth_cookie_bad_hash', $cookie_elements); return false; + } $user = get_userdatabylogin($username); - if ( ! $user ) + if ( ! $user ) { + do_action('auth_cookie_bad_username', $cookie_elements); return false; + } + + do_action('auth_cookie_valid', $cookie_elements, $user); return $user->ID; } @@ -554,6 +549,41 @@ function wp_generate_auth_cookie($user_id, $expiration, $scheme = 'auth') { } endif; +if ( !function_exists('wp_parse_auth_cookie') ) : +/** + * Parse a cookie into its components + * + * @since 2.7 + * + * @param string $cookie + * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in + * @return array Authentication cookie components + */ +function wp_parse_auth_cookie($cookie = '', $scheme = 'auth') { + if ( empty($cookie) ) { + if ( is_ssl() ) { + $cookie_name = SECURE_AUTH_COOKIE; + $scheme = 'secure_auth'; + } else { + $cookie_name = AUTH_COOKIE; + $scheme = 'auth'; + } + + if ( empty($_COOKIE[$cookie_name]) ) + return false; + $cookie = $_COOKIE[$cookie_name]; + } + + $cookie_elements = explode('|', $cookie); + if ( count($cookie_elements) != 3 ) + return false; + + list($username, $expiration, $hmac) = $cookie_elements; + + return compact('username', 'expiration', 'hmac', 'scheme'); +} +endif; + if ( !function_exists('wp_set_auth_cookie') ) : /** * Sets the authentication cookies based User ID. @@ -607,6 +637,8 @@ if ( !function_exists('wp_clear_auth_cookie') ) : * @since 2.5 */ function wp_clear_auth_cookie() { + do_action('clear_auth_cookie'); + setcookie(AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN); setcookie(SECURE_AUTH_COOKIE, ' ', time() - 31536000, ADMIN_COOKIE_PATH, COOKIE_DOMAIN); setcookie(AUTH_COOKIE, ' ', time() - 31536000, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN);