Protect log out actions against CSRF. Props markjaquith and ionfish. Fixes #7790.

git-svn-id: http://svn.automattic.com/wordpress/trunk@9025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
westi 2008-09-28 21:05:37 +00:00
parent 3a0c8ef52c
commit f419d59754
8 changed files with 48 additions and 8 deletions


@ -150,7 +150,7 @@ if ( ! $is_opera ) {
</div>
<?php } ?>
<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo site_url('wp-login.php?action=logout', 'login') ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> <?php if ( ! $is_opera ) { ?> | <span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Turbo') ?></a></span><?php } ?></p></div>
<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> | <a href="<?php echo wp_logout_url() ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> <?php if ( ! $is_opera ) { ?> | <span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Turbo') ?></a></span><?php } ?></p></div>
<?php
require(ABSPATH . 'wp-admin/menu-header.php');
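Review bot: The return value of `wp_logout_url()` is echoed straight into the href attribute on the new line without attribute_escape(), and the same pattern recurs in the four theme template sections below (each `<a href="<?php echo wp_logout_url...` line). The nonce URL now carries a second query parameter joined by `&`, so the output is only valid attribute content if wp_nonce_url() escapes its own return value, which is not visible in this diff. If it does not, wrap the call at each site, e.g. `<a href="<?php echo attribute_escape( wp_logout_url() ); ?>"`; the comments template in this commit already uses attribute_escape() for its title attribute, so the helper is available. The surrounding markup and the `if ( ! $is_opera )` block begin outside the hunk.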


@ -62,7 +62,7 @@ if ( post_password_required($commentstatus) ) { // and it doesn't match the coo
<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
<?php if ( $user_ID ) : ?>
<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout" title="<?php echo attribute_escape(__('Log out of this account')); ?>"><?php _e('Log out &raquo;'); ?></a></p>
<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(); ?>" title="<?php echo attribute_escape(__('Log out of this account')); ?>"><?php _e('Log out &raquo;'); ?></a></p>
<?php else : ?>
<p>
<input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
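Review bot: The new logout link in this comments template calls `wp_logout_url()` with no redirect, while the parallel comments templates changed in the same commit pass `wp_logout_url(get_permalink())` so the reader lands back on the post after logging out. Unless this theme is meant to send users to the login screen, the call should read `<a href="<?php echo wp_logout_url(get_permalink()); ?>"` for consistent behaviour across the bundled themes. The enclosing `if ( $user_ID )` block continues outside the hunk.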


@ -49,7 +49,7 @@ if ( post_password_required() ) : ?>
<?php if ( $user_ID ) : ?>
<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout" title="<?php _e('Log out of this account') ?>"><?php _e('Log out &raquo;'); ?></a></p>
<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(get_permalink()); ?>" title="<?php _e('Log out of this account') ?>"><?php _e('Log out &raquo;'); ?></a></p>
<?php else : ?>


@ -62,7 +62,7 @@ if ( post_password_required($post) ) { // and it doesn't match the cookie
<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
<?php if ( $user_ID ) : ?>
<p>Logged in as <a href="<?php echo get_option('siteurl'); ?>/wp-admin/profile.php"><?php echo $user_identity; ?></a>. <a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout" title="Log out of this account">Log out &raquo;</a></p>
<p>Logged in as <a href="<?php echo get_option('siteurl'); ?>/wp-admin/profile.php"><?php echo $user_identity; ?></a>. <a href="<?php echo wp_logout_url(get_permalink()); ?>" title="Log out of this account">Log out &raquo;</a></p>
<?php else : ?>
<p>
<input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />


@ -58,7 +58,7 @@
<?php if ( $user_ID ) : ?>
<p>Logged in as <a href="<?php echo get_option('siteurl'); ?>/wp-admin/profile.php"><?php echo $user_identity; ?></a>. <a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout" title="Log out of this account">Log out &raquo;</a></p>
<p>Logged in as <a href="<?php echo get_option('siteurl'); ?>/wp-admin/profile.php"><?php echo $user_identity; ?></a>. <a href="<?php echo wp_logout_url(get_permalink()); ?>" title="Log out of this account">Log out &raquo;</a></p>
<?php else : ?>


@ -2145,6 +2145,8 @@ function wp_explain_nonce( $action ) {
$trans['edit']['theme'] = array( __( 'Your attempt to edit this theme file: &quot;%s&quot; has failed.' ), 'use_id' );
$trans['switch']['theme'] = array( __( 'Your attempt to switch to this theme: &quot;%s&quot; has failed.' ), 'use_id' );
$trans['log']['out'] = array( sprintf( __( 'You are attempting to log out of %s' ), get_bloginfo( 'sitename' ) ), false );
if ( isset( $trans[$verb][$noun] ) ) {
if ( !empty( $trans[$verb][$noun][1] ) ) {
$lookup = $trans[$verb][$noun][1];
@ -2178,6 +2180,9 @@ function wp_nonce_ays( $action ) {
$html = wp_specialchars( wp_explain_nonce( $action ) );
if ( wp_get_referer() )
$html .= "</p><p><a href='" . remove_query_arg( 'updated', clean_url( wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
elseif ( 'log-out' == $action )
$html .= "</p><p>" . sprintf( __( "Do you really want to <a href='%s'>log out</a>?"), wp_nonce_url( site_url('wp-login.php?action=logout', 'login'), 'log-out' ) );
wp_die( $html, $title);
}
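Review bot: The new `elseif ( 'log-out' == $action )` branch in wp_nonce_ays is only reached when wp_get_referer() returns nothing, so in the common case where a referer is present a failed logout nonce still yields only the generic "Please try again" link back to the referring page and never the confirmation link. If wp_get_referer() falls back to the HTTP Referer header, then in exactly the cross-site scenario this commit guards against that page is the third-party one that forged the request, so linking back to it is less helpful than offering the nonce-protected confirmation. Consider testing the action first, `if ( 'log-out' == $action ) ... elseif ( wp_get_referer() ) ...`, so the logout case always gets the explicit confirmation. The start of wp_nonce_ays, including the assignment of `$title`, lies outside the hunk.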


@ -104,13 +104,48 @@ function get_sidebar( $name = null ) {
*/
function wp_loginout() {
if ( ! is_user_logged_in() )
$link = '<a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in') . '</a>';
$link = '<a href="' . wp_login_url() . '">' . __('Log in') . '</a>';
else
$link = '<a href="' . site_url('wp-login.php?action=logout', 'login') . '">' . __('Log out') . '</a>';
$link = '<a href="' . wp_logout_url() . '">' . __('Log out') . '</a>';
echo apply_filters('loginout', $link);
}
/**
* Returns the Log Out URL.
*
* Returns the URL that allows the user to log out of the site
*
* @since 2.7
* @uses wp_nonce_url() To protect against CSRF
* @uses site_url() To generate the log in URL
*
* @param string $redirect Path to redirect to on logout.
*/
function wp_logout_url($redirect = '') {
if ( strlen($redirect) )
$redirect = "&redirect_to=$redirect";
return wp_nonce_url( site_url("wp-login.php?action=logout$redirect", 'login'), 'log-out' );
}
/**
* Returns the Log In URL.
*
* Returns the URL that allows the user to log in to the site
*
* @since 2.7
* @uses site_url() To generate the log in URL
*
* @param string $redirect Path to redirect to on login.
*/
function wp_login_url($redirect = '') {
if ( strlen($redirect) )
$redirect = "?redirect_to=$redirect";
return site_url("wp-login.php$redirect", 'login');
}
/**
* Display the Registration or Admin link.
*
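Review bot: `$redirect` is interpolated into the query string unencoded in both new helpers (`"&redirect_to=$redirect"` in wp_logout_url and `"?redirect_to=$redirect"` in wp_login_url), yet the callers introduced in this commit pass get_permalink(), which can itself contain `?` and `&` (for instance with non-pretty permalinks), so the redirect target can be split into separate parameters or truncated. Encode the value before appending it, `$redirect = '&redirect_to=' . urlencode($redirect);`, and do the same in wp_login_url. Whatever consumes redirect_to on the login side should also constrain it to the site's own host, but that code is not part of this diff. The wp_logout_url docblock additionally says `@uses site_url() To generate the log in URL` where it means the log out URL, and both new docblocks lack a `@return string` tag.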


@ -272,7 +272,7 @@ $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
switch ($action) {
case 'logout' :
check_admin_referer('log-out');
wp_logout();
$redirect_to = 'wp-login.php?loggedout=true';