
Ticket #16449: incorrect_referer_check.patch

File incorrect_referer_check.patch, 536 bytes (added by indie-ulf, 5 years ago)

patch

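--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -825,7 +825,7 @@
         $adminurl = strtolower(admin_url());
         $referer = strtolower(wp_get_referer());
         $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
-        if ( !$result && !(-1 == $action && strpos($referer, $adminurl) !== false) ) {
+        if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) {
                 wp_nonce_ays($action);
                 die();
         }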
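Review bot: The anchored test on new line 828 has no comment saying why it must be `=== 0`, so a later cleanup could loosen it back to the substring form this patch removes. I would add above the `if`: `// Referer must begin with the admin URL; a substring match also accepts foreign URLs that merely contain it.` The prefix test is only as strict as `$adminurl` itself: it presumably relies on `admin_url()` ending in a slash so that the match cannot continue into a longer host or path name, which is worth confirming and stating in the same comment. Separately, when `$action` is -1 this branch still accepts the Referer header alone in place of a nonce, so the comment should mark it as a legacy fallback rather than a check equivalent to `wp_verify_nonce()`. The enclosing function starts and ends outside the hunk.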