Ticket #5782: 5782.diff

wp-includes/js/autosave.js

@@ -36 +36 @@
                 jQuery.post(autosaveL10n.requestFile, {
                         action: "autosave-generate-nonces",
                         post_ID: res,
-                        cookie: document.cookie,
+                        autosavenonce: jQuery('#autosavenonce').val(),
                         post_type: jQuery('#post_type').val()
                 }, function(html) {
                         jQuery('#_wpnonce').val(html);
@@ -87 +87 @@
                         action: "autosave",
                         post_ID:  jQuery("#post_ID").val() || 0,
                         post_title: jQuery("#title").val() || "",
-                        cookie: document.cookie,
+                        autosavenonce: jQuery('#autosavenonce').val(),
                         tags_input: jQuery("#tags-input").val() || "",
                         post_type: jQuery('#post_type').val() || ""
                 };
@@ -99 +99 @@
                 tinyMCE.triggerSave();
         } 
         
-    post_data["content"] = jQuery("#content").val();
+        post_data["content"] = jQuery("#content").val();
 
         if(post_data["post_title"].length==0 || post_data["content"].length==0 || post_data["post_title"] + post_data["content"] == autosaveLast) {
                 return;

wp-includes/pluggable.php

@@ -635 +635 @@
  * @uses do_action() Calls 'check_admin_referer' on $action.
  *
  * @param string $action Action nonce
+ * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
  */
-function check_admin_referer($action = -1) {
+function check_admin_referer($action = -1, $query_arg = '_wpnonce' ) {
         $adminurl = strtolower(get_option('siteurl')).'/wp-admin';
         $referer = strtolower(wp_get_referer());
-        if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
+        if ( !wp_verify_nonce($_REQUEST[$query_arg], $action) &&
                 !(-1 == $action && strpos($referer, $adminurl) !== false)) {
                 wp_nonce_ays($action);
                 die();
@@ -654 +655 @@
  * @since 2.0.4
  *
  * @param string $action Action nonce
+ * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
  */
-function check_ajax_referer( $action = -1 ) {
-        $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
-        if ( !wp_verify_nonce( $nonce, $action ) ) {
-                $current_id = '';
-                if ( ( $current = wp_get_current_user() ) && $current->ID )
-                        $current_id = $current->ID;
-                if ( !$current_id )
-                        die('-1');
+function check_ajax_referer( $action = -1, $query_arg = false ) {
+        if ( $query_arg )
+                $nonce = $_REQUEST[$query_arg];
+        else
+                $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
 
-                $auth_cookie = '';
-                $cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
-                foreach ( $cookie as $tasty ) {
-                        if ( false !== strpos($tasty, AUTH_COOKIE . '=') ) {
-                                $auth_cookie = substr(strstr($tasty, '='), 1);
-                                break;
-                        }
-                }
+        if ( !wp_verify_nonce( $nonce, $action ) ) 
+                die('-1');
 
-                if ( empty($auth_cookie) )
-                        die('-1');
-
-                if ( ! $user_id = wp_validate_auth_cookie( $auth_cookie ) )
-                        die('-1');
-
-                if ( $current_id != $user_id )
-                        die('-1');
-        }
         do_action('check_ajax_referer');
 }
 endif;

wp-includes/script-loader.php

@@ -37 +37 @@
 
                 $this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.6');
 
-                $this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080104');
+                $this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080206');
                 $this->localize( 'autosave', 'autosaveL10n', array(
                         'autosaveInterval' => apply_filters('autosave_interval', '120'),
                         'errorText' => __('Error: %response%'),

wp-admin/admin-ajax.php

@@ -467 +467 @@
         $x->send();
         break;
 case 'autosave' : // The name of this action is hardcoded in edit_post()
-        check_ajax_referer( $action );
+        check_ajax_referer( 'autosave', 'autosavenonce' );
         $_POST['post_content'] = $_POST['content'];
         $_POST['post_excerpt'] = $_POST['excerpt'];
         $_POST['post_status'] = 'draft';
@@ -499 +499 @@
         die('0');
 break;
 case 'autosave-generate-nonces' :
-        check_ajax_referer( $action );
+        check_ajax_referer( 'autosave', 'autosavenonce' );
         $ID = (int) $_POST['post_ID'];
         if($_POST['post_type'] == 'post') {
                 if(current_user_can('edit_post', $ID))

wp-admin/edit-page-form.php

@@ -56 +56 @@
 <div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea">
 <h3><?php _e('Page') ?></h3>
 <?php the_editor($post->post_content); ?>
+<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
 </div>
 
 <div id="submitpost">

wp-admin/edit-form.php

@@ -39 +39 @@
  }
 ?>
 <div><textarea rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content"><?php echo $post->post_content ?></textarea></div>
+<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
 </fieldset>
 
 

wp-admin/edit-form-advanced.php

@@ -88 +88 @@
 <div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea">
 <h3><?php _e('Post') ?></h3>
 <?php the_editor($post->post_content); ?>
+<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
 </div>
 
 <?php echo $form_pingback ?>