Verify the MAC earlier in WP_Customize_Widgets. props duck_.

git-svn-id: https://develop.svn.wordpress.org/trunk@29377 602fd350-edb4-49c9-b593-d223f7449a82
Andrew Nacin 2014-08-05 06:49:22 +00:00
parent e5836da88d
commit a8e8ed6550


@ -1150,21 +1150,19 @@ final class WP_Customize_Widgets {
} }
/** /**
* Get a widget instance's hash key. * Get MAC for a serialized widget instance string.
* *
* Serialize an instance and hash it with the AUTH_KEY; when a JS value is * Allows values posted back from JS to be rejected if any tampering of the
* posted back to save, this instance hash key is used to ensure that the * data has occurred.
* serialized_instance was not tampered with, but that it had originated
* from WordPress and so is sanitized.
* *
* @since 3.9.0 * @since 3.9.0
* @access protected * @access protected
* *
* @param array $instance Widget instance. * @param string $serialized_instance Widget instance.
* @return string Widget instance's hash key. * @return string MAC for serialized widget instance.
*/ */
protected function get_instance_hash_key( $instance ) { protected function get_instance_hash_key( $serialized_instance ) {
return wp_hash( serialize( $instance ) ); return wp_hash( $serialized_instance );
} }
/** /**
@ -1192,18 +1190,19 @@ final class WP_Customize_Widgets {
} }
$decoded = base64_decode( $value['encoded_serialized_instance'], true ); $decoded = base64_decode( $value['encoded_serialized_instance'], true );
if ( false === $decoded ) { if ( false === $decoded ) {
return null; return null;
} }
$instance = unserialize( $decoded );
if ( $this->get_instance_hash_key( $decoded ) !== $value['instance_hash_key'] ) {
return null;
}
$instance = unserialize( $decoded );
if ( false === $instance ) { if ( false === $instance ) {
return null; return null;
} }
if ( $this->get_instance_hash_key( $instance ) !== $value['instance_hash_key'] ) {
return null;
}
return $instance; return $instance;
} }
@ -1224,7 +1223,7 @@ final class WP_Customize_Widgets {
'encoded_serialized_instance' => base64_encode( $serialized ), 'encoded_serialized_instance' => base64_encode( $serialized ),
'title' => empty( $value['title'] ) ? '' : $value['title'], 'title' => empty( $value['title'] ) ? '' : $value['title'],
'is_widget_customizer_js_value' => true, 'is_widget_customizer_js_value' => true,
'instance_hash_key' => $this->get_instance_hash_key( $value ), 'instance_hash_key' => $this->get_instance_hash_key( $serialized ),
); );
} }
return $value; return $value;
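Review bot: The MAC check added in the second hunk compares the client-supplied `$value['instance_hash_key']` against the recomputed value with `!==`, a byte-wise early-exit comparison rather than a constant-time one, so it should use `hash_equals()` where available (PHP 5.6+ or a polyfill), e.g. `if ( ! is_string( $value['instance_hash_key'] ) || ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) {`. The `is_string()` guard matters because `hash_equals()` warns and returns false on non-string input, and nothing in the hunk shows that field's type being validated; the enclosing method begins before the hunk, so an earlier `isset` check may already exist there. Moving the MAC check ahead of `unserialize()` is the right fix and is not re-raised here. Separately, the rewritten docblock on `get_instance_hash_key` drops the old comment's mention that the hash is keyed with the AUTH_KEY via `wp_hash()`; keeping a line such as `* The MAC is keyed via wp_hash() (AUTH_KEY/salt), so it cannot be forged without the site secret.` would preserve that security-relevant detail for maintainers.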