
Ticket #16449: incorrect_referer_check.patch

File incorrect_referer_check.patch, 536 bytes (added by indie-ulf, 7 years ago)

patch

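--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -825,7 +825,7 @@
         $adminurl = strtolower(admin_url());
         $referer = strtolower(wp_get_referer());
         $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
-        if ( !$result && !(-1 == $action && strpos($referer, $adminurl) !== false) ) {
+        if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) {
                 wp_nonce_ays($action);
                 die();
         }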
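Review bot: The prefix test on new line 828 works as an origin check only while `$adminurl` ends in a slash, and nothing on the line explains why the comparison is `=== 0`. If a filter or unusual configuration ever returns the admin URL without the trailing slash (not visible in this hunk), a referer on a different host that merely begins with the same characters would still pass; comparing against `trailingslashit($adminurl)` would close that gap. I would also add a comment above the condition, such as `// Referer must start with the admin URL; a substring match would accept an off-site URL that embeds it in its path or query.` Note that when `$action` is -1 this branch accepts the request on the Referer header alone, so callers should still be steered toward passing a real nonce action. The enclosing function starts and ends outside the hunk.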