nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for trunk

git-svn-id: http://svn.automattic.com/wordpress/trunk@5039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2007-03-14 23:10:57 +00:00
parent 8772cbfa13
commit 95df22248d
4 changed files with 22 additions and 6 deletions

View File

@ -25,14 +25,20 @@ $comment_content = trim($_POST['comment']);
// If the user is logged in // If the user is logged in
$user = wp_get_current_user(); $user = wp_get_current_user();
if ( $user->ID ) : if ( $user->ID ) {
$comment_author = $wpdb->escape($user->display_name); $comment_author = $wpdb->escape($user->display_name);
$comment_author_email = $wpdb->escape($user->user_email); $comment_author_email = $wpdb->escape($user->user_email);
$comment_author_url = $wpdb->escape($user->user_url); $comment_author_url = $wpdb->escape($user->user_url);
else : if ( current_user_can('unfiltered_html') ) {
if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
kses_remove_filters(); // start with a clean slate
kses_init_filters(); // set up the filters
}
}
} else {
if ( get_option('comment_registration') ) if ( get_option('comment_registration') )
wp_die( __('Sorry, you must be logged in to post a comment.') ); wp_die( __('Sorry, you must be logged in to post a comment.') );
endif; }
$comment_type = ''; $comment_type = '';

View File

@ -271,6 +271,12 @@ function pings_open() {
return false; return false;
} }
function wp_comment_form_unfiltered_html_nonce() {
global $post;
if ( current_user_can('unfiltered_html') )
wp_nonce_field('unfiltered-html-comment_' . $post->ID, '_wp_unfiltered_html_comment', false);
}
function comments_template( $file = '/comments.php' ) { function comments_template( $file = '/comments.php' ) {
global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity; global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;

View File

@ -31,6 +31,8 @@ add_filter('pre_comment_author_name', 'wp_filter_kses');
add_filter('pre_comment_author_email', 'wp_filter_kses'); add_filter('pre_comment_author_email', 'wp_filter_kses');
add_filter('pre_comment_author_url', 'wp_filter_kses'); add_filter('pre_comment_author_url', 'wp_filter_kses');
add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce');
// Default filters for these functions // Default filters for these functions
add_filter('comment_author', 'wptexturize'); add_filter('comment_author', 'wptexturize');
add_filter('comment_author', 'convert_chars'); add_filter('comment_author', 'convert_chars');

View File

@ -1000,9 +1000,11 @@ function wp_nonce_url($actionurl, $action = -1) {
return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl)); return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl));
} }
function wp_nonce_field($action = -1) { function wp_nonce_field($action = -1, $name = "_wpnonce", $referer = true) {
echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />'; $name = attribute_escape($name);
wp_referer_field(); echo '<input type="hidden" name="' . $name . '" value="' . wp_create_nonce($action) . '" />';
if ( $referer )
wp_referer_field();
} }
function wp_referer_field() { function wp_referer_field() {