Ticket #2977: 2977.diff

File 2977.diff, 804 bytes (added by mdawaffe, 6 years ago)

WP interface with old version of sack seems to require double (en|de)coding

  • wp-includes/pluggable-functions.php

     
    245245        $cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie 
    246246        foreach ( $cookie as $tasty ) { 
    247247                if ( false !== strpos($tasty, USER_COOKIE) ) 
    248                         $user = substr(strstr($tasty, '='), 1); 
     248                        $user = urldecode(substr(strstr($tasty, '='), 1)); // Nasty double encoding 
    249249                if ( false !== strpos($tasty, PASS_COOKIE) ) 
    250                         $pass = substr(strstr($tasty, '='), 1); 
     250                        $pass = urldecode(substr(strstr($tasty, '='), 1)); 
    251251        } 
    252252        if ( wp_login( $user, $pass, true ) ) 
    253253                return true;