Remove cookie checking from check_ajax_referer(). Check nonces instead. Props mdawaffe. fixes #5782

git-svn-id: http://svn.automattic.com/wordpress/trunk@6739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2008-02-06 21:19:47 +00:00
parent 6c312db33c
commit 7b946b9007
7 changed files with 20 additions and 33 deletions


@ -467,7 +467,7 @@ case 'add-user' :
$x->send(); $x->send();
break; break;
case 'autosave' : // The name of this action is hardcoded in edit_post() case 'autosave' : // The name of this action is hardcoded in edit_post()
check_ajax_referer( $action ); check_ajax_referer( 'autosave', 'autosavenonce' );
$_POST['post_content'] = $_POST['content']; $_POST['post_content'] = $_POST['content'];
$_POST['post_excerpt'] = $_POST['excerpt']; $_POST['post_excerpt'] = $_POST['excerpt'];
$_POST['post_status'] = 'draft'; $_POST['post_status'] = 'draft';
@ -499,7 +499,7 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
die('0'); die('0');
break; break;
case 'autosave-generate-nonces' : case 'autosave-generate-nonces' :
check_ajax_referer( $action ); check_ajax_referer( 'autosave', 'autosavenonce' );
$ID = (int) $_POST['post_ID']; $ID = (int) $_POST['post_ID'];
if($_POST['post_type'] == 'post') { if($_POST['post_type'] == 'post') {
if(current_user_can('edit_post', $ID)) if(current_user_can('edit_post', $ID))
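Review bot: Both `autosave` and `autosave-generate-nonces` now accept the same `'autosave'` nonce, which is not bound to a post ID, so a valid nonce only shows that the request came from an editor page rendered for this user; it says nothing about which post may be written. The `current_user_can('edit_post', $ID)` check visible in the second case is what carries authorization. The body of the `autosave` case lies outside the hunk, so it is worth confirming that it performs the equivalent check before saving. I would add a comment above each call such as `// Nonce proves intent only (CSRF); capability is checked below.`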


@ -88,6 +88,7 @@ addLoadEvent(focusit);
<div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea"> <div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea">
<h3><?php _e('Post') ?></h3> <h3><?php _e('Post') ?></h3>
<?php the_editor($post->post_content); ?> <?php the_editor($post->post_content); ?>
<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
</div> </div>
<?php echo $form_pingback ?> <?php echo $form_pingback ?>
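Review bot: The same `wp_nonce_field( 'autosave', 'autosavenonce', false )` line is pasted into three edit forms (here and in the next two file sections), and autosave.js depends on each of them, presumably by the field's id `autosavenonce`. A form that misses the line fails closed, since check_ajax_referer() answers '-1', but it does so silently. Emitting the field from one shared helper would keep the forms from drifting apart; failing that, a short comment beside each call naming its consumer, e.g. `<?php // read by autosave.js as #autosavenonce ?>`, would help.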


@ -39,6 +39,7 @@ addLoadEvent(focusit);
} }
?> ?>
<div><textarea rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content"><?php echo $post->post_content ?></textarea></div> <div><textarea rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content"><?php echo $post->post_content ?></textarea></div>
<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
</fieldset> </fieldset>


@ -56,6 +56,7 @@ addLoadEvent(focusit);
<div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea"> <div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea">
<h3><?php _e('Page') ?></h3> <h3><?php _e('Page') ?></h3>
<?php the_editor($post->post_content); ?> <?php the_editor($post->post_content); ?>
<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
</div> </div>
<div id="submitpost"> <div id="submitpost">


@ -36,7 +36,7 @@ function autosave_update_post_ID(response) {
jQuery.post(autosaveL10n.requestFile, { jQuery.post(autosaveL10n.requestFile, {
action: "autosave-generate-nonces", action: "autosave-generate-nonces",
post_ID: res, post_ID: res,
cookie: document.cookie, autosavenonce: jQuery('#autosavenonce').val(),
post_type: jQuery('#post_type').val() post_type: jQuery('#post_type').val()
}, function(html) { }, function(html) {
jQuery('#_wpnonce').val(html); jQuery('#_wpnonce').val(html);
@ -87,7 +87,7 @@ function autosave() {
action: "autosave", action: "autosave",
post_ID: jQuery("#post_ID").val() || 0, post_ID: jQuery("#post_ID").val() || 0,
post_title: jQuery("#title").val() || "", post_title: jQuery("#title").val() || "",
cookie: document.cookie, autosavenonce: jQuery('#autosavenonce').val(),
tags_input: jQuery("#tags-input").val() || "", tags_input: jQuery("#tags-input").val() || "",
post_type: jQuery('#post_type').val() || "" post_type: jQuery('#post_type').val() || ""
}; };
@ -99,7 +99,7 @@ function autosave() {
tinyMCE.triggerSave(); tinyMCE.triggerSave();
} }
post_data["content"] = jQuery("#content").val(); post_data["content"] = jQuery("#content").val();
if(post_data["post_title"].length==0 || post_data["content"].length==0 || post_data["post_title"] + post_data["content"] == autosaveLast) { if(post_data["post_title"].length==0 || post_data["content"].length==0 || post_data["post_title"] + post_data["content"] == autosaveLast) {
return; return;
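Review bot: Both requests read `jQuery('#autosavenonce').val()` from a field rendered once at page load, and nothing visible in these hunks refreshes it, so in a long editing session the nonce will presumably expire and every autosave will come back as '-1'. The callback in autosave_update_post_ID() shown here writes the response straight into `#_wpnonce` without checking for that value, so a rejected request would overwrite the form's nonce with '-1'. I would guard it with `if (html != '-1') jQuery('#_wpnonce').val(html);` and surface the failure to the user. Both function bodies continue outside the hunks.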


@ -635,11 +635,12 @@ if ( !function_exists('check_admin_referer') ) :
* @uses do_action() Calls 'check_admin_referer' on $action. * @uses do_action() Calls 'check_admin_referer' on $action.
* *
* @param string $action Action nonce * @param string $action Action nonce
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
*/ */
function check_admin_referer($action = -1) { function check_admin_referer($action = -1, $query_arg = '_wpnonce' ) {
$adminurl = strtolower(get_option('siteurl')).'/wp-admin'; $adminurl = strtolower(get_option('siteurl')).'/wp-admin';
$referer = strtolower(wp_get_referer()); $referer = strtolower(wp_get_referer());
if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) && if ( !wp_verify_nonce($_REQUEST[$query_arg], $action) &&
!(-1 == $action && strpos($referer, $adminurl) !== false)) { !(-1 == $action && strpos($referer, $adminurl) !== false)) {
wp_nonce_ays($action); wp_nonce_ays($action);
die(); die();
@ -654,34 +655,17 @@ if ( !function_exists('check_ajax_referer') ) :
* @since 2.0.4 * @since 2.0.4
* *
* @param string $action Action nonce * @param string $action Action nonce
* @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
*/ */
function check_ajax_referer( $action = -1 ) { function check_ajax_referer( $action = -1, $query_arg = false ) {
$nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce']; if ( $query_arg )
if ( !wp_verify_nonce( $nonce, $action ) ) { $nonce = $_REQUEST[$query_arg];
$current_id = ''; else
if ( ( $current = wp_get_current_user() ) && $current->ID ) $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
$current_id = $current->ID;
if ( !$current_id )
die('-1');
$auth_cookie = ''; if ( !wp_verify_nonce( $nonce, $action ) )
$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie die('-1');
foreach ( $cookie as $tasty ) {
if ( false !== strpos($tasty, AUTH_COOKIE . '=') ) {
$auth_cookie = substr(strstr($tasty, '='), 1);
break;
}
}
if ( empty($auth_cookie) )
die('-1');
if ( ! $user_id = wp_validate_auth_cookie( $auth_cookie ) )
die('-1');
if ( $current_id != $user_id )
die('-1');
}
do_action('check_ajax_referer'); do_action('check_ajax_referer');
} }
endif; endif;
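Review bot: In the new check_ajax_referer(), `$_REQUEST[$query_arg]` is read without an isset() check, so a request that omits the field raises an undefined-index notice before wp_verify_nonce() rejects it. `$nonce = isset($_REQUEST[$query_arg]) ? $_REQUEST[$query_arg] : '';` keeps the fail-closed result without the notice. The docblock types `$query_arg` as string while its default is `false`, and it should state that the function now verifies only the nonce and exits with '-1' on failure, so callers remain responsible for capability checks. Any caller that still posts `cookie` instead of a nonce will presumably start failing; only the autosave callers are visibly updated on this page.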


@ -37,7 +37,7 @@ class WP_Scripts {
$this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.6'); $this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.6');
$this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080104'); $this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080206');
$this->localize( 'autosave', 'autosaveL10n', array( $this->localize( 'autosave', 'autosaveL10n', array(
'autosaveInterval' => apply_filters('autosave_interval', '120'), 'autosaveInterval' => apply_filters('autosave_interval', '120'),
'errorText' => __('Error: %response%'), 'errorText' => __('Error: %response%'),