WordPress.org

Make WordPress Core

Ticket #26706: 26706.diff

File 26706.diff, 2.2 KB (added by rmccue, 7 years ago)

Convert get_currentuserinfo to use filters instead of hardcoding cookie functions

  • wp-includes/default-filters.php

    diff --git wp-includes/default-filters.php wp-includes/default-filters.php
    index b6c7527..9b8f1b3 100644
    add_filter( 'heartbeat_nopriv_received', 'wp_auth_check', 10, 2 ); 
    301301add_filter( 'authenticate', 'wp_authenticate_username_password',  20, 3 );
    302302add_filter( 'authenticate', 'wp_authenticate_spam_check',         99    );
    303303
     304// Default user checking filters
     305add_filter( 'get_currentuserinfo', 'wp_validate_auth_cookie' );
     306add_filter( 'get_currentuserinfo', 'wp_validate_logged_in_cookie', 20 );
     307
    304308unset($filter, $action);
  • wp-includes/pluggable.php

    diff --git wp-includes/pluggable.php wp-includes/pluggable.php
    index aca94f3..5b46f91 100644
    function get_currentuserinfo() { 
    9797                return false;
    9898        }
    9999
    100         if ( ! $user = wp_validate_auth_cookie() ) {
    101                  if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[LOGGED_IN_COOKIE] ) || !$user = wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' ) ) {
    102                         wp_set_current_user( 0 );
    103                         return false;
    104                  }
     100        /**
     101         * Allows filtering the user parsed from the current request data.
     102         *
     103         * The default filters use this to determine the current user from the
     104         * request's cookies, if available.
     105         *
     106         * @since 3.9.0
     107         *
     108         * @param int|boolean $user User ID if determined, or false otherwise
     109         */
     110        $user = apply_filters( 'get_currentuserinfo', false );
     111        if ( ! $user ) {
     112                wp_set_current_user( 0 );
     113                return false;
    105114        }
    106115
    107116        wp_set_current_user( $user );
  • wp-includes/user.php

    diff --git wp-includes/user.php wp-includes/user.php
    index 3bc29e1..287e697 100644
    function wp_authenticate_spam_check( $user ) { 
    147147}
    148148
    149149/**
     150 * Validates logged in cookie.
     151 *
     152 * Checks the logged_in cookie if the previous auth cookie could not be
     153 * validated and parsed.
     154 *
     155 * @since 3.9.0
     156 */
     157function wp_validate_logged_in_cookie( $user ) {
     158        if ( $user ) {
     159                return $user;
     160        }
     161
     162        if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[LOGGED_IN_COOKIE] ) ) {
     163                return false;
     164        }
     165
     166        return wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' );
     167}
     168
     169/**
    150170 * Number of posts user has written.
    151171 *
    152172 * @since 3.0.0