Extra protection in check_ajax_referer from mdawaffe. fixes #4939
git-svn-id: http://svn.automattic.com/wordpress/trunk@6138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
3ac0df5170
commit
9eb6351d24
@ -349,6 +349,12 @@ function check_admin_referer($action = -1) {
|
|||||||
|
|
||||||
if ( !function_exists('check_ajax_referer') ) :
|
if ( !function_exists('check_ajax_referer') ) :
|
||||||
function check_ajax_referer() {
|
function check_ajax_referer() {
|
||||||
|
$current_name = '';
|
||||||
|
if ( ( $current = wp_get_current_user() ) && $current->ID )
|
||||||
|
$current_name = $current->data->user_login;
|
||||||
|
if ( !$current_name )
|
||||||
|
die('-1');
|
||||||
|
|
||||||
$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
|
$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
|
||||||
foreach ( $cookie as $tasty ) {
|
foreach ( $cookie as $tasty ) {
|
||||||
if ( false !== strpos($tasty, USER_COOKIE) )
|
if ( false !== strpos($tasty, USER_COOKIE) )
|
||||||
@ -356,7 +362,8 @@ function check_ajax_referer() {
|
|||||||
if ( false !== strpos($tasty, PASS_COOKIE) )
|
if ( false !== strpos($tasty, PASS_COOKIE) )
|
||||||
$pass = substr(strstr($tasty, '='), 1);
|
$pass = substr(strstr($tasty, '='), 1);
|
||||||
}
|
}
|
||||||
if ( !wp_login( $user, $pass, true ) )
|
|
||||||
|
if ( $current_name != $user || !wp_login( $user, $pass, true ) )
|
||||||
die('-1');
|
die('-1');
|
||||||
do_action('check_ajax_referer');
|
do_action('check_ajax_referer');
|
||||||
}
|
}
|
||||||
|
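Review bot: The added guard `if ( $current_name != $user || !wp_login( $user, $pass, true ) )` compares the session's login with the cookie-supplied login using loose `!=`, so two distinct logins that PHP treats as numerically equal (e.g. `1e3` and `1000`, if such logins are permitted) would pass the name check; strict comparison is the intended semantics here, `if ( $current_name !== $user || !wp_login( $user, $pass, true ) )`. `$user` and `$pass` are only assigned inside the foreach when a matching cookie fragment exists, so a request whose `cookie` parameter omits them reaches this line with both undefined; initialising them beside the new `$current_name = '';` in the first hunk (`$user = $pass = '';`) keeps the comparison well-defined and removes the notice. The `$user = substr(...)` assignment falls between the two hunks and is not visible here.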