WordPress.org

Make WordPress Core

Ticket #4939: 4939.diff

File 4939.diff, 977 bytes (added by mdawaffe, 11 years ago)
  • wp-includes/pluggable.php

     
    349349
    350350if ( !function_exists('check_ajax_referer') ) :
    351351function check_ajax_referer() {
     352        $current_name = '';
     353        if ( ( $current = wp_get_current_user() ) && $current->ID )
     354                $current_name = $current->data->user_login;
     355        if ( !$current_name )
     356                die('-1');
     357
    352358        $cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
    353359        foreach ( $cookie as $tasty ) {
    354360                if ( false !== strpos($tasty, USER_COOKIE) )
     
    356362                if ( false !== strpos($tasty, PASS_COOKIE) )
    357363                        $pass = substr(strstr($tasty, '='), 1);
    358364        }
    359         if ( !wp_login( $user, $pass, true ) )
     365
     366        if ( $current_name != $user || !wp_login( $user, $pass, true ) )
    360367                die('-1');
    361368        do_action('check_ajax_referer');
    362369}