sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix AJAX cookie validation. see #5367 

git-svn-id: https://develop.svn.wordpress.org/trunk@6400 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2007-12-17 21:12:28 +00:00
parent 930b3c2b2e
commit 894db1ba91
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
wp-includes/pluggable.php
View File

@ -433,10 +433,10 @@ if ( !function_exists('check_ajax_referer') ) :
function check_ajax_referer( $action = -1 ) { function check_ajax_referer( $action = -1 ) {
$nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce']; $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
if ( !wp_verify_nonce( $nonce, $action ) ) { if ( !wp_verify_nonce( $nonce, $action ) ) {
$current_name = ''; $current_id = '';
if ( ( $current = wp_get_current_user() ) && $current->ID ) if ( ( $current = wp_get_current_user() ) && $current->ID )
$current_name = $current->user_login; $current_id = $current->ID;
if ( !$current_name ) if ( !$current_id )
die('-1'); die('-1');
$auth_cookie = ''; $auth_cookie = '';
@ -446,7 +446,13 @@ function check_ajax_referer( $action = -1 ) {
$auth_cookie = substr(strstr($tasty, '='), 1); $auth_cookie = substr(strstr($tasty, '='), 1);
} }
if ( $current_name != $user || empty($auth_cookie) || !wp_validate_auth_cookie( $auth_cookie ) ) if ( empty($auth_cookie) )
die('-1');
if ( ! $user_id = wp_validate_auth_cookie( $auth_cookie ) )
die('-1');
if ( $current_id != $user_id )
die('-1'); die('-1');
} }
do_action('check_ajax_referer'); do_action('check_ajax_referer');