Ticket #4939: 4939.diff

File 4939.diff, 977 bytes (added by mdawaffe, 7 years ago)
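--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -349,6 +349,12 @@
 
 if ( !function_exists('check_ajax_referer') ) :
 function check_ajax_referer() {
+        $current_name = '';
+        if ( ( $current = wp_get_current_user() ) && $current->ID )
+                $current_name = $current->data->user_login;
+        if ( !$current_name )
+                die('-1');
+
         $cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
         foreach ( $cookie as $tasty ) {
                 if ( false !== strpos($tasty, USER_COOKIE) )
@@ -356,7 +362,8 @@
                 if ( false !== strpos($tasty, PASS_COOKIE) )
                         $pass = substr(strstr($tasty, '='), 1);
         }
-        if ( !wp_login( $user, $pass, true ) )
+
+        if ( $current_name != $user || !wp_login( $user, $pass, true ) )
                 die('-1');
         do_action('check_ajax_referer');
 }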
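Review bot: The added guard at new line 366 binds the submitted cookie to the session user with a loose comparison, `$current_name != $user`, so two numeric-looking logins are compared as numbers rather than byte-for-byte. `$pass` is assigned only inside the `foreach`, and `$user` presumably is too (its assignment at new line 361 is not shown on this page), so a `cookie` parameter without those entries reaches the check with undefined variables. The request is still rejected in that case, but only by accident of `null` comparing unequal to a non-empty login. I would make both conditions explicit: `if ( !isset($user, $pass) || $current_name !== $user || !wp_login( $user, $pass, true ) )`. A short comment above the new block, such as `// Reject unless the cookie passed by the script belongs to the user this request is authenticated as.`, would also record why the session user is looked up before the cookie is parsed.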