Make WordPress Core

Changeset 5039


Ignore:
Timestamp:
03/14/2007 11:10:57 PM (18 years ago)
Author:
markjaquith
Message:

nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for trunk

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-comments-post.php

    r4939 r5039  
    2626// If the user is logged in
    2727$user = wp_get_current_user();
    28 if ( $user->ID ) :
     28if ( $user->ID ) {
    2929    $comment_author       = $wpdb->escape($user->display_name);
    3030    $comment_author_email = $wpdb->escape($user->user_email);
    3131    $comment_author_url   = $wpdb->escape($user->user_url);
    32 else :
     32    if ( current_user_can('unfiltered_html') ) {
     33        if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
     34            kses_remove_filters(); // start with a clean slate
     35            kses_init_filters(); // set up the filters
     36        }
     37    }
     38} else {
    3339    if ( get_option('comment_registration') )
    3440        wp_die( __('Sorry, you must be logged in to post a comment.') );
    35 endif;
     41}
    3642
    3743$comment_type = '';
  • trunk/wp-includes/comment-template.php

    r5019 r5039  
    272272}
    273273
     274function wp_comment_form_unfiltered_html_nonce() {
     275    global $post;
     276    if ( current_user_can('unfiltered_html') )
     277        wp_nonce_field('unfiltered-html-comment_' . $post->ID, '_wp_unfiltered_html_comment', false);
     278}
     279
    274280function comments_template( $file = '/comments.php' ) {
    275281    global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;
  • trunk/wp-includes/default-filters.php

    r5032 r5039  
    3131add_filter('pre_comment_author_email', 'wp_filter_kses');
    3232add_filter('pre_comment_author_url', 'wp_filter_kses');
     33
     34add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce');
    3335
    3436// Default filters for these functions
  • trunk/wp-includes/functions.php

    r5032 r5039  
    10011001}
    10021002
    1003 function wp_nonce_field($action = -1) {
    1004     echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
    1005     wp_referer_field();
     1003function wp_nonce_field($action = -1, $name = "_wpnonce", $referer = true) {
     1004    $name = attribute_escape($name);
     1005    echo '<input type="hidden" name="' . $name . '" value="' . wp_create_nonce($action) . '" />';
     1006    if ( $referer )
     1007        wp_referer_field();
    10061008}
    10071009
Note: See TracChangeset for help on using the changeset viewer.