From f419d59754b27d0ef04db2fd99744de92fa27dd8 Mon Sep 17 00:00:00 2001
From: westi
Date: Sun, 28 Sep 2008 21:05:37 +0000
Subject: [PATCH] Protect log out actions against CSRF. Props markjaquith and ionfish. Fixes #7790.
git-svn-id: http://svn.automattic.com/wordpress/trunk@9025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/admin-header.php | 2 +-
 wp-content/themes/classic/comments-popup.php | 2 +-
 wp-content/themes/classic/comments.php | 2 +-
 wp-content/themes/default/comments-popup.php | 2 +-
 wp-content/themes/default/comments.php | 2 +-
 wp-includes/functions.php | 5 +++
 wp-includes/general-template.php | 39 +++++++++++++++++++-
 wp-login.php | 2 +-
 8 files changed, 48 insertions(+), 8 deletions(-)
diff --git a/wp-admin/admin-header.php b/wp-admin/admin-header.php
index b863e88131..555efc3aaa 100644
--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -150,7 +150,7 @@ if ( ! $is_opera ) {
-

%2$s!'), 'profile.php', $user_identity) ?> | |

+

%2$s!'), 'profile.php', $user_identity) ?> | |

/wp-comments-post.php" method="post" id="commentform"> -

'.$user_identity.''); ?>

+

'.$user_identity.''); ?>

diff --git a/wp-content/themes/classic/comments.php b/wp-content/themes/classic/comments.php
index d1b6ef58c5..06b4ef70b7 100644
--- a/wp-content/themes/classic/comments.php
+++ b/wp-content/themes/classic/comments.php
@@ -49,7 +49,7 @@ if ( post_password_required() ) : ?>
-

'.$user_identity.''); ?>

+

'.$user_identity.''); ?>

diff --git a/wp-content/themes/default/comments-popup.php b/wp-content/themes/default/comments-popup.php
index 6a5a869e51..6109c02daa 100644
--- a/wp-content/themes/default/comments-popup.php
+++ b/wp-content/themes/default/comments-popup.php
@@ -62,7 +62,7 @@ if ( post_password_required($post) ) { // and it doesn't match the cookie
-

Logged in as . Log out »

+

Logged in as . Log out »

diff --git a/wp-content/themes/default/comments.php b/wp-content/themes/default/comments.php
index 7832a00cb2..cdaf8b4353 100644
--- a/wp-content/themes/default/comments.php
+++ b/wp-content/themes/default/comments.php
@@ -58,7 +58,7 @@
-

Logged in as . Log out »

+

Logged in as . Log out »

diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 7cb76e1772..3aaa535334 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -2145,6 +2145,8 @@ function wp_explain_nonce( $action ) {
 $trans['edit']['theme'] = array( __( 'Your attempt to edit this theme file: "%s" has failed.' ), 'use_id' );
 $trans['switch']['theme'] = array( __( 'Your attempt to switch to this theme: "%s" has failed.' ), 'use_id' );
+ $trans['log']['out'] = array( sprintf( __( 'You are attempting to log out of %s' ), get_bloginfo( 'sitename' ) ), false );
+
 if ( isset( $trans[$verb][$noun] ) ) {
 if ( !empty( $trans[$verb][$noun][1] ) ) {
 $lookup = $trans[$verb][$noun][1];
@@ -2178,6 +2180,9 @@ function wp_nonce_ays( $action ) {
 $html = wp_specialchars( wp_explain_nonce( $action ) );
 if ( wp_get_referer() )
 $html .= "

" . __( 'Please try again.' ) . "";
+ elseif ( 'log-out' == $action )
+ $html .= "

" . sprintf( __( "Do you really want to log out?"), wp_nonce_url( site_url('wp-login.php?action=logout', 'login'), 'log-out' ) );
+
 wp_die( $html, $title);
 }
diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php
index d8228f1ed4..426e958b6c 100644
--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -104,13 +104,48 @@ function get_sidebar( $name = null ) {
 */
 function wp_loginout() {
 if ( ! is_user_logged_in() )
- $link = '' . __('Log in') . '';
+ $link = '' . __('Log in') . '';
 else
- $link = '' . __('Log out') . '';
+ $link = '' . __('Log out') . '';
 echo apply_filters('loginout', $link);
 }
+/**
+ * Returns the Log Out URL.
+ *
+ * Returns the URL that allows the user to log out of the site
+ *
+ * @since 2.7
+ * @uses wp_nonce_url() To protect against CSRF
+ * @uses site_url() To generate the log in URL
+ *
+ * @param string $redirect Path to redirect to on logout.
+ */
+function wp_logout_url($redirect = '') {
+ if ( strlen($redirect) )
+ $redirect = "&redirect_to=$redirect";
+
+ return wp_nonce_url( site_url("wp-login.php?action=logout$redirect", 'login'), 'log-out' );
+}
+
+/**
+ * Returns the Log In URL.
+ *
+ * Returns the URL that allows the user to log in to the site
+ *
+ * @since 2.7
+ * @uses site_url() To generate the log in URL
+ *
+ * @param string $redirect Path to redirect to on login.
+ */
+function wp_login_url($redirect = '') {
+ if ( strlen($redirect) )
+ $redirect = "?redirect_to=$redirect";
+
+ return site_url("wp-login.php$redirect", 'login');
+}
+
 /**
 * Display the Registration or Admin link.
 *
diff --git a/wp-login.php b/wp-login.php
index 30b3d1357e..6dc6d769f2 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -272,7 +272,7 @@ $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
 switch ($action) {
 case 'logout' :
-
+ check_admin_referer('log-out');
 wp_logout();
 $redirect_to = 'wp-login.php?loggedout=true';
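Review bot: The new elseif branch in wp_nonce_ays() rebuilds the logout link by hand with `wp_nonce_url( site_url('wp-login.php?action=logout', 'login'), 'log-out' )`, which duplicates the construction this same commit adds as wp_logout_url() in general-template.php; calling `wp_logout_url()` here keeps the nonce action name and the login-scheme URL in one place, so a later change to either cannot leave the confirmation page pointing at a stale URL. The comparison `'log-out' == $action` should be strict, `'log-out' === $action`; $action is presumably the string check_admin_referer('log-out') passes down, and loose comparison adds nothing but surprise. Note also that this branch is only reached when wp_get_referer() returns nothing, so a failed log-out nonce with a referer present still gets the generic "Please try again" link; if that is intended, a one-line comment saying so would help the next reader. wp_nonce_ays() starts outside the hunk.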
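Review bot: wp_logout_url() and wp_login_url() interpolate $redirect straight into the query string (`"&redirect_to=$redirect"` and `"?redirect_to=$redirect"`) without encoding it, so a redirect containing `&`, `#` or `?` splits into extra parameters or is truncated, and the value is never a valid URL component; use `$redirect = '&redirect_to=' . urlencode($redirect);` and `$redirect = '?redirect_to=' . urlencode($redirect);` respectively. The two helpers also differ in what they return: wp_logout_url() goes through wp_nonce_url() while wp_login_url() returns site_url() directly, so if wp_nonce_url() HTML-escapes its result (not visible here — confirm) the two values are not interchangeable inside an `href`, and each docblock should state its escaping contract along with an `@return string` line. Finally, the wp_logout_url() docblock says `@uses site_url() To generate the log in URL`; it should read "log out URL".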