From 85a2305bd4f983d50a249b7a6ebd85b1751d6fb3 Mon Sep 17 00:00:00 2001
From: ryan
Date: Fri, 21 Apr 2006 21:18:32 +0000
Subject: [PATCH] Ref checks. Comment filter.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/cat-js.php | 6 +++---
 wp-admin/categories.php | 4 ++++
 wp-admin/edit-comments.php | 2 ++
 wp-admin/edit-form-ajax-cat.php | 6 ++++--
 wp-admin/inline-uploading.php | 2 ++
 wp-admin/link-categories.php | 6 ++++++
 wp-admin/link-import.php | 2 ++
 wp-admin/list-manipulation.js | 4 ++--
 wp-admin/list-manipulation.php | 4 ++--
 wp-admin/moderation.php | 2 ++
 wp-admin/options-permalink.php | 2 ++
 wp-admin/plugin-editor.php | 2 ++
 wp-admin/post.php | 4 ++++
 wp-admin/templates.php | 2 ++
 wp-admin/theme-editor.php | 2 ++
 wp-includes/classes.php | 2 +-
 wp-includes/comment-functions.php | 2 ++
 wp-includes/pluggable-functions.php | 15 +++++++++++++++
 18 files changed, 59 insertions(+), 10 deletions(-)
diff --git a/wp-admin/cat-js.php b/wp-admin/cat-js.php
index 156e8f5c47..4ad125b35d 100644
--- a/wp-admin/cat-js.php
+++ b/wp-admin/cat-js.php
@@ -144,9 +144,9 @@ function ajaxNewCat() {
 var split_cats = new Array(1);
 var catString = '';
- catString = 'ajaxnewcat=' + encodeURIComponent(newcat.value);
+ catString = ajaxCat.encVar('ajaxnewcat', newcat.value) + '&' + ajaxCat.encVar('cookie', document.cookie);
 ajaxCat.requestFile = 'edit-form-ajax-cat.php';
- ajaxCat.method = 'GET';
+ ajaxCat.method = 'POST';
 ajaxCat.onLoading = newCatLoading;
 ajaxCat.onLoaded = newCatLoaded;
 ajaxCat.onInteractive = newCatInteractive;
@@ -175,4 +175,4 @@ function myPload( str ) {
 if ( currentElement != "" )
 fixedExplode[count] = currentElement;
 return fixedExplode;
-}
\ No newline at end of file
+}
diff --git a/wp-admin/categories.php b/wp-admin/categories.php
index 79163a985c..5e21d8d384 100644
--- a/wp-admin/categories.php
+++ b/wp-admin/categories.php
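Review bot: The new `ajaxCat.encVar('cookie', document.cookie)` argument copies the entire login cookie set into the POST body as the same-origin proof, so the server-side check can only keep working while those cookies stay readable from script; that rules out ever marking the user and password cookies HttpOnly, and it duplicates the session credentials into a place that request-body logging on any intermediary will capture. A server-issued per-request token embedded in the page and sent as the parameter would give the same same-origin property without exposing the cookies themselves. Switching the method to `POST` is the right call, since the value must not end up in query strings or Referer headers; the consumer of this `cookie` parameter appears to be the `check_ajax_referer()` added in wp-includes/pluggable-functions.php. ajaxNewCat's body continues outside the hunk.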
@@ -25,6 +25,8 @@ switch($action) {
 case 'addcat':
+ check_admin_referer();
+
 if ( !current_user_can('manage_categories') )
 die (__('Cheatin’ uh?'));
@@ -94,6 +96,8 @@ case 'edit':
 break;
 case 'editedcat':
+ check_admin_referer();
+
 if ( !current_user_can('manage_categories') )
 die (__('Cheatin’ uh?'));
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index e74ebb49d9..075a09ef39 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -39,6 +39,8 @@ function checkAll(form)
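Review bot: The `check_admin_referer();` call added ahead of the capability test here, and in the matching hunks for inline-uploading.php, post.php, plugin-editor.php, theme-editor.php and templates.php, guards state-changing actions with a function whose body is outside this diff; its name and the commit subject suggest it compares the Referer header with the admin URL, which is a weaker CSRF control than a per-request token because it holds only while browsers send that header and it denies every listed action to users behind referer-stripping proxies. A token kept in the session and echoed as a hidden field or query parameter, verified with a constant-time comparison, removes that dependency on the client; until then, running the referer check before the `current_user_can()` test is a reasonable order. The `switch` block continues outside both hunks.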

|

\ No newline at end of file
+?>
diff --git a/wp-admin/inline-uploading.php b/wp-admin/inline-uploading.php
index c2334cd99f..4275a07b90 100644
--- a/wp-admin/inline-uploading.php
+++ b/wp-admin/inline-uploading.php
@@ -2,6 +2,8 @@
 require_once('admin.php');
+check_admin_referer();
+
 header('Content-Type: text/html; charset=' . get_option('blog_charset'));
 if (!current_user_can('upload_files'))
diff --git a/wp-admin/link-categories.php b/wp-admin/link-categories.php
index 10fb227723..e71d7cf93c 100644
--- a/wp-admin/link-categories.php
+++ b/wp-admin/link-categories.php
@@ -26,6 +26,8 @@ for ($i=0; $i'.__('Your level is not high enough to moderate comments.').'

');
diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php
index ff65875b0d..62d4757e16 100644
--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -58,6 +58,8 @@ include('admin-header.php');
 $home_path = get_home_path();
 if ( isset($_POST) ) {
+ check_admin_referer();
+
 if ( isset($_POST['permalink_structure']) ) {
 $permalink_structure = $_POST['permalink_structure'];
 if (! empty($permalink_structure) )
diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php
index 37aed6b0c1..05df573b76 100644
--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -34,6 +34,8 @@ switch($action) {
 case 'update':
+ check_admin_referer();
+
 if ( !current_user_can('edit_plugins') )
 die('
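Review bot: `if ( isset($_POST) )` in the options-permalink.php hunk is always true, because `$_POST` is a superglobal that exists on every request, so the `check_admin_referer();` added inside it now runs on a plain GET of the page as well as on the form submission; if that check refuses requests without an admin Referer, simply opening the page from a bookmark or typed URL will be rejected. Test for an actual submission instead, for example `if ( !empty($_POST) ) {` or `if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) {`. The `if` block continues outside the hunk.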

'.__('You have do not have sufficient permissions to edit templates for this blog.').'

');
diff --git a/wp-admin/post.php b/wp-admin/post.php
index 0f4187e9ce..1e64278f06 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -292,6 +292,8 @@ case 'mailapprovecomment':
 case 'approvecomment':
+ check_admin_referer();
+
 $comment = (int) $_GET['comment'];
 $p = (int) $_GET['p'];
 if (isset($_GET['noredir'])) {
@@ -322,6 +324,8 @@ case 'approvecomment':
 case 'editedcomment':
+ check_admin_referer();
+
 edit_comment();
 $referredby = $_POST['referredby'];
diff --git a/wp-admin/templates.php b/wp-admin/templates.php
index 3e1205045b..d330970ffc 100644
--- a/wp-admin/templates.php
+++ b/wp-admin/templates.php
@@ -36,6 +36,8 @@ switch($action) {
 case 'update':
+ check_adimn_referer();
+
 if ( ! current_user_can('edit_files') )
 die('

'.__('You have do not have sufficient permissions to edit templates for this blog.').'

');
diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php
index 8ed51079bb..10d2d7adb9 100644
--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -47,6 +47,8 @@ switch($action) {
 case 'update':
+ check_admin_referer();
+
 if ( !current_user_can('edit_themes') )
 die('
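Review bot: The templates.php hunk calls `check_adimn_referer();`, which is misspelled: no function of that name exists in this patch (every sibling hunk calls `check_admin_referer()`), so PHP will abort the `update` action with a fatal undefined-function error before the `current_user_can('edit_files')` test is reached. That fails closed, but it also means nobody can save a template at all, and a fatal on an admin action is easy to mistake for a permissions problem when it surfaces. Change the line to `check_admin_referer();`. The `switch` block continues outside the hunk.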

'.__('You have do not have sufficient permissions to edit templates for this blog.').'

');
diff --git a/wp-includes/classes.php b/wp-includes/classes.php
index 4834fae0bf..8cde81034c 100644
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -826,7 +826,7 @@ class retrospam_mgr {
 if ( empty( $word ) )
 continue;
 $fulltext = strtolower($comment->email.' '.$comment->url.' '.$comment->ip.' '.$comment->text);
- if( strpos( $fulltext, strtolower($word) ) != FALSE ) {
+ if( false !== strpos( $fulltext, strtolower($word) ) ) {
 $this->found_comments[] = $comment->ID;
 break;
 }
diff --git a/wp-includes/comment-functions.php b/wp-includes/comment-functions.php
index eed5a611cf..35a3e0c9b9 100644
--- a/wp-includes/comment-functions.php
+++ b/wp-includes/comment-functions.php
@@ -185,6 +185,8 @@ function wp_update_comment($commentarr) {
 // Merge old and new fields with new fields overwriting old ones.
 $commentarr = array_merge($comment, $commentarr);
+ $commentarr = wp_filter_comment( $commentarr );
+
 // Now extract the merged array.
 extract($commentarr);
diff --git a/wp-includes/pluggable-functions.php b/wp-includes/pluggable-functions.php
index bcaa9a8879..974bdb86ca 100644
--- a/wp-includes/pluggable-functions.php
+++ b/wp-includes/pluggable-functions.php
@@ -233,6 +233,21 @@ function check_admin_referer() {
 }
 endif;
+if ( !function_exists('check_ajax_referer') ) :
+function check_ajax_referer() {
+ $cookie = explode(';', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
+ foreach ( $cookie as $tasty ) {
+ if ( false !== strpos($tasty, USER_COOKIE) )
+ $user = substr(strstr($tasty, '='), 1);
+ if ( false !== strpos($tasty, PASS_COOKIE) )
+ $pass = substr(strstr($tasty, '='), 1);
+ }
+ if ( wp_login( $user, $pass, true ) )
+ return true;
+ return false;
+}
+endif;
+
 // Cookie safe redirect. Works around IIS Set-Cookie bug.
 // http://support.microsoft.com/kb/q176113/
 if ( !function_exists('wp_redirect') ) :
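Review bot: In the new `check_ajax_referer()`, `$user` and `$pass` are assigned only when a cookie fragment contains `USER_COOKIE` or `PASS_COOKIE` as a substring, so when the `cookie` parameter is absent or does not carry those names the function still reaches `wp_login( $user, $pass, true )` with undefined variables (a notice, then a login attempt with empty credentials) instead of returning false up front, and `$_GET['cookie']` is read unconditionally whenever `$_POST['cookie']` is empty. The `strpos` test also accepts any cookie whose name merely contains the constant as the user or password cookie, with the last such fragment winning. Parse each fragment into name and value, compare the name exactly, and return false early when either credential is missing; the GET fallback is worth dropping once every caller posts, since it puts the login cookie values into query strings and server logs. check_admin_referer's body ends just above the hunk and is otherwise outside it.
```php
function check_ajax_referer() {
	// AJAX scripts must pass cookie=document.cookie
	$raw = !empty($_POST['cookie']) ? $_POST['cookie'] : (isset($_GET['cookie']) ? $_GET['cookie'] : '');
	if ( '' === $raw )
		return false;
	$user = $pass = '';
	foreach ( explode(';', urldecode($raw)) as $tasty ) {
		$pair = explode('=', trim($tasty), 2);
		if ( 2 !== count($pair) )
			continue;
		if ( USER_COOKIE === $pair[0] )
			$user = $pair[1];
		elseif ( PASS_COOKIE === $pair[0] )
			$pass = $pair[1];
	}
	// Refuse before touching the login path when either half is missing.
	if ( '' === $user || '' === $pass )
		return false;
	return (bool) wp_login( $user, $pass, true );
}
```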