Ticket #13791: 13791.diff
File 13791.diff, 5.8 KB (added by , 14 years ago) |
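--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -55,16 +55,17 @@
 // If the user is logged in
 $user = wp_get_current_user();
 if ( $user->ID ) {
+	check_admin_referer( "submit-comment_$comment_post_ID", '_wp_comment_nonce' );
+
 	if ( empty( $user->display_name ) )
 		$user->display_name=$user->user_login;
 	$comment_author = $wpdb->escape($user->display_name);
 	$comment_author_email = $wpdb->escape($user->user_email);
 	$comment_author_url = $wpdb->escape($user->user_url);
+
 	if ( current_user_can('unfiltered_html') ) {
-		if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
-			kses_remove_filters(); // start with a clean slate
-			kses_init_filters(); // set up the filters
-		}
+		kses_remove_filters(); // start with a clean slate
+		kses_init_filters(); // set up the filters
 	}
 } else {
 	if ( get_option('comment_registration') || 'private' == $status )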
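Review bot: The two lines that replace the removed nonce test, `kses_remove_filters();` followed by `kses_init_filters();`, now run for every commenter who holds `unfiltered_html`, so the kses filters are re-installed unconditionally and those users lose unfiltered HTML in front-end comments; before the patch the filters were only re-installed when the per-comment nonce did not match, and the same unconditional re-init appears in the wp-admin/admin-ajax.php hunk. If the `_wp_comment_nonce` check added at the top of the block is meant to take over the CSRF role, the whole `if ( current_user_can('unfiltered_html') )` block can be dropped (kses_init() normally leaves the filters off for that capability); if stripping HTML from comments is the intended new policy, that deserves a comment on the lines and a mention in the ticket. Separately, `check_admin_referer()` answers a missing or expired nonce with the generic wp-admin "Are you sure you want to do this?" page and the submitted comment text is lost, which a comment form left open past the nonce lifetime will trigger; a `wp_verify_nonce()` test followed by a comment-specific `wp_die()` message would be friendlier on the front end. The enclosing `if ( $user->ID )` block continues past the hunk.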
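--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -227,8 +227,10 @@
 add_action( 'publish_post', '_publish_post_hook', 5, 1 );
 add_action( 'save_post', '_save_post_hook', 5, 2 );
 add_action( 'transition_post_status', '_transition_post_status', 5, 3 );
-add_action( 'comment_form', 'wp_comment_form_unfiltered_html_nonce');
+add_action( 'comment_form', 'wp_comment_form_nonce' );
 add_action( 'wp_scheduled_delete', 'wp_scheduled_delete' );
+add_action( 'pre_comment_on_post', 'wp_comment_impersonation' );
+add_action( 'comment_impersonation', 'wp_comment_impersonation_email' );
 
 // Navigation menu actions
 add_action( 'trash_post', '_wp_trash_menu_item' );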
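Review bot: The impersonation check is reachable only through `pre_comment_on_post`, which as far as this patch shows is fired by wp-comments-post.php; any other path that stores a comment (XML-RPC, a plugin calling wp_new_comment() directly) never runs `wp_comment_impersonation()`, so `wp_comment_impersonation_email_check` is never attached and a registered user's address is accepted unchecked on those paths. If front-end forms are the only case meant to be covered, say so on the new line, e.g. `add_action( 'pre_comment_on_post', 'wp_comment_impersonation' ); // front-end comment form only; other insertion paths are not covered`. Note also that any plugin doing `remove_action( 'comment_form', 'wp_comment_form_unfiltered_html_nonce' )` now silently stops matching after the rename on the replaced line.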
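--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -1836,6 +1836,62 @@
 	$client->query('weblogUpdates.ping', get_option('blogname'), $home);
 }
 
+
+/**
+ * Hook for preventing comment impersonation of registered user by logged out
+ * user.
+ *
+ * Impersonation of registered user by logged in user handled by
+ * wp-comments-post.php
+ *
+ * CSRF protection for logged in users provided by wp_comment_form_nonce()
+ *
+ * @since 3.1
+ * @uses do_action() Calls 'comment_impersonation' hook.
+ */
+function wp_comment_impersonation() {
+	global $current_user;
+
+	// It's a registered user. Depend on:
+	// CSRF prevention in wp_comment_form_nonce()
+	// form submission overwrite in wp-comments-post.php
+	if ( $current_user->ID )
+		return;
+
+	do_action( 'comment_impersonation' );
+}
+
+/**
+ * Default comment impersonation prevention method.
+ *
+ * Attached to 'comment_impersonation' hook.
+ *
+ * @since 3.1
+ * @uses wp_comment_impersonation_email_check()
+ */
+function wp_comment_impersonation_email() {
+	add_filter( 'pre_comment_author_email', 'wp_comment_impersonation_email_check', 100 );
+}
+
+/**
+ * Checks email submitted by non-logged-in commenter to catch impersonation
+ * attempts.
+ *
+ * Attached to 'pre_comment_author_email' hook by
+ * wp_comment_impersonation_email()
+ *
+ * @since 3.1
+ *
+ * @param string $email Email address to check
+ * @return string unchanged email or wp_die()
+ */
+function wp_comment_impersonation_email_check( $email ) {
+	if ( get_user_by_email( $email ) )
+		wp_die( __( 'Howdy, Mr. Abagnale.' ) );
+
+	return $email;
+}
+
 //
 // Cache
 //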
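Review bot: `wp_comment_impersonation()` reads `global $current_user` and tests `$current_user->ID`; if nothing earlier in the request has populated that global the test runs on null, the guard fails open, and the email check then rejects logged-in commenters too, since the address wp-comments-post.php fills in from the user record is by definition a registered one. Use the API instead: `if ( is_user_logged_in() )` / `return;`, which is also consistent with the `wp_get_current_user()` call in wp-comments-post.php. `wp_die( __( 'Howdy, Mr. Abagnale.' ) )` is an in-joke where a visitor needs an explanation; something like `wp_die( __( 'That email address belongs to a registered user. Please log in to comment.' ) )` says what happened and what to do, and the docblock should note that the check also tells any visitor whether an address is registered, a trade-off worth stating rather than leaving implicit. The `@return string unchanged email or wp_die()` tag should say that the function does not return when the address is registered, since wp_die() terminates the request.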
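--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -770,29 +770,23 @@
 }
 
 /**
- * Displays form token for unfilteredcomments.
+ * Displays form token for comments.
  *
- * Will only display nonce token if the current user has permissions for
- * unfiltered html. Won't display the token for other users.
+ * CSRF protection for comments from registered users. Does not protect against
+ * "manual" impersonation.
  *
- * The function was backported to 2.0.10 and was added to versions 2.1.3 and
- * above. Does not exist in versions prior to 2.0.10 in the 2.0 branch and in
- * the 2.1 branch, prior to 2.1.3. Technically added in 2.2.0.
- *
- * Backported to 2.0.10.
- *
  * @since 2.1.3
+ * @since 2.0.10
  * @uses $post Gets the ID of the current post for the token
  */
-function wp_comment_form_unfiltered_html_nonce() {
+function wp_comment_form_nonce() {
 	global $post;
 
 	$post_id = 0;
 	if ( !empty($post) )
 		$post_id = $post->ID;
 
-	if ( current_user_can('unfiltered_html') )
-		wp_nonce_field('unfiltered-html-comment_' . $post_id, '_wp_unfiltered_html_comment', false);
+	wp_nonce_field( "submit-comment_$post_id", '_wp_comment_nonce', false );
 }
 
 /**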
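Review bot: Renaming `wp_comment_form_unfiltered_html_nonce()` to `wp_comment_form_nonce()` removes a public function that themes and plugins may call directly, with no compatibility shim; keep the old name as a deprecated wrapper, `function wp_comment_form_unfiltered_html_nonce() { _deprecated_function( __FUNCTION__, '3.1', 'wp_comment_form_nonce()' ); wp_comment_form_nonce(); }`. The retained `@since 2.1.3` and the added `@since 2.0.10` describe the old function's history; the renamed function with its new action and field name is new in 3.1 and should carry `@since 3.1`, with the older tags moved to the wrapper. When `$post` is empty the field is generated for `submit-comment_0`, which can never match the `$comment_post_ID`-based check in wp-comments-post.php, so a comment form rendered outside the loop would presumably reject every logged-in commenter; that limitation belongs in the docblock next to the `@uses $post` line.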
wp-admin/admin-ajax.php
721 721 $comment_author_email = $wpdb->escape($user->user_email); 722 722 $comment_author_url = $wpdb->escape($user->user_url); 723 723 $comment_content = trim($_POST['content']); 724 724 725 if ( current_user_can('unfiltered_html') ) { 725 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { 726 kses_remove_filters(); // start with a clean slate 727 kses_init_filters(); // set up the filters 728 } 726 kses_remove_filters(); // start with a clean slate 727 kses_init_filters(); // set up the filters 729 728 } 730 729 } else { 731 730 die( __('Sorry, you must be logged in to reply to a comment.') );
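Review bot: Dropping the `_wp_unfiltered_html_comment` comparison leaves the kses change in this handler gated only on `current_user_can('unfiltered_html')`, which is safe against cross-site submission only if the replyto-comment case verifies its own nonce earlier; that part of the case starts outside the hunk and cannot be confirmed here. If it does, a comment on the `if ( current_user_can('unfiltered_html') )` line, such as `// CSRF for this handler is covered by the nonce check at the top of the case`, would record why no per-comment token is needed. Whether the unconditional `kses_remove_filters();` / `kses_init_filters();` pair is the intended behavior is raised on the wp-comments-post.php hunk, which has the same change.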