Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for 2.1 

git-svn-id: http://svn.automattic.com/wordpress/branches/2.1@5040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2007-03-14 23:12:47 +00:00
parent 12b50a0dd6
commit 6787161bb7
4 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
wp-comments-post.php
View File

@ -25,14 +25,20 @@ $comment_content = trim($_POST['comment']);
// If the user is logged in
$user = wp_get_current_user();
if ( $user->ID ) :
if ( $user->ID ) {
$comment_author = $wpdb->escape($user->display_name);
$comment_author_email = $wpdb->escape($user->user_email);
$comment_author_url = $wpdb->escape($user->user_url);
else :
if ( current_user_can('unfiltered_html') ) {
if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
kses_remove_filters(); // start with a clean slate
kses_init_filters(); // set up the filters
}
}
} else {
if ( get_option('comment_registration') )
wp_die( __('Sorry, you must be logged in to post a comment.') );
endif;
}
$comment_type = '';

6
wp-includes/comment-template.php
View File

@ -271,6 +271,12 @@ function pings_open() {
return false;
}
function wp_comment_form_unfiltered_html_nonce() {
global $post;
if ( current_user_can('unfiltered_html') )
wp_nonce_field('unfiltered-html-comment_' . $post->ID, '_wp_unfiltered_html_comment', false);
}
function comments_template( $file = '/comments.php' ) {
global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;

2
wp-includes/default-filters.php
View File

@ -31,6 +31,8 @@ add_filter('pre_comment_author_name', 'wp_filter_kses');
add_filter('pre_comment_author_email', 'wp_filter_kses');
add_filter('pre_comment_author_url', 'wp_filter_kses');
add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce');
// Default filters for these functions
add_filter('comment_author', 'wptexturize');
add_filter('comment_author', 'convert_chars');

8
wp-includes/functions.php
View File

@ -920,9 +920,11 @@ function wp_nonce_url($actionurl, $action = -1) {
return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl));
}
function wp_nonce_field($action = -1) {
echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
wp_referer_field();
function wp_nonce_field($action = -1, $name = "_wpnonce", $referer = true) {
$name = attribute_escape($name);
echo '<input type="hidden" name="' . $name . '" value="' . wp_create_nonce($action) . '" />';
if ( $referer )
wp_referer_field();
}
function wp_referer_field() {