

Changeset 5040


Timestamp:
03/14/07 23:12:47 (7 years ago)
Author:
markjaquith
Message:

nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for 2.1

Location:
branches/2.1
Files:
4 edited

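--- a/branches/2.1/wp-comments-post.php
+++ b/branches/2.1/wp-comments-post.php
@@ -26,12 +26,18 @@
 // If the user is logged in
 $user = wp_get_current_user();
-if ( $user->ID ) :
+if ( $user->ID ) {
     $comment_author       = $wpdb->escape($user->display_name);
     $comment_author_email = $wpdb->escape($user->user_email);
     $comment_author_url   = $wpdb->escape($user->user_url);
-else :
+    if ( current_user_can('unfiltered_html') ) {
+        if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+            kses_remove_filters(); // start with a clean slate
+            kses_init_filters(); // set up the filters
+        }
+    }
+} else {
     if ( get_option('comment_registration') )
         wp_die( __('Sorry, you must be logged in to post a comment.') );
-endif;
+}
 
 $comment_type = '';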
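Review bot: The nonce check at new line 33 reads `$_POST['_wp_unfiltered_html_comment']` without an isset() guard and compares with loose `!=`, so a submission from a form that lacks the field (an older theme, or a request built by hand) emits an undefined-index notice before it falls back to the kses filters. Recomputing wp_create_nonce() instead of calling wp_verify_nonce() also means a form rendered just before a nonce tick boundary is rejected where the regular verifier, which accepts the previous tick as well, would pass it; the consequence is only that the comment gets filtered, which is the right fail-safe direction, but it is an avoidable false negative. Suggest `if ( !isset($_POST['_wp_unfiltered_html_comment']) || !wp_verify_nonce($_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID) ) {`, assuming wp_verify_nonce() is present on the 2.1 branch as it is in trunk. The surrounding script, including the assignment of `$comment_post_ID` that this action string depends on, lies outside the section.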
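--- a/branches/2.1/wp-includes/comment-template.php
+++ b/branches/2.1/wp-includes/comment-template.php
@@ -272,4 +272,10 @@
 }
 
+function wp_comment_form_unfiltered_html_nonce() {
+    global $post;
+    if ( current_user_can('unfiltered_html') )
+        wp_nonce_field('unfiltered-html-comment_' . $post->ID, '_wp_unfiltered_html_comment', false);
+}
+
 function comments_template( $file = '/comments.php' ) {
     global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;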
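Review bot: wp_comment_form_unfiltered_html_nonce() at new lines 274-278 has no header comment, and nothing records that the action string `'unfiltered-html-comment_' . $post->ID` and the field name `_wp_unfiltered_html_comment` must stay in lockstep with the check in wp-comments-post.php, which is the only thing that makes the nonce meaningful. Suggest a comment above the function such as `// Emits the nonce that lets an unfiltered_html user bypass kses on this post's comment form; wp-comments-post.php verifies it and re-applies the filters when it is absent or stale. Field name and action string must match that check.` The function also dereferences the `$post` global unguarded; if the comment_form action can run outside the loop, `$post->ID` would be null and the nonce would be bound to an empty ID, which is worth confirming against the callers.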
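--- a/branches/2.1/wp-includes/default-filters.php
+++ b/branches/2.1/wp-includes/default-filters.php
@@ -31,4 +31,6 @@
 add_filter('pre_comment_author_email', 'wp_filter_kses');
 add_filter('pre_comment_author_url', 'wp_filter_kses');
+
+add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce');
 
 // Default filters for these functions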
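--- a/branches/2.1/wp-includes/functions.php
+++ b/branches/2.1/wp-includes/functions.php
@@ -921,7 +921,9 @@
 }
 
-function wp_nonce_field($action = -1) {
-    echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
-    wp_referer_field();
+function wp_nonce_field($action = -1, $name = "_wpnonce", $referer = true) {
+    $name = attribute_escape($name);
+    echo '<input type="hidden" name="' . $name . '" value="' . wp_create_nonce($action) . '" />';
+    if ( $referer )
+        wp_referer_field();
 }
 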
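Review bot: The widened signature of wp_nonce_field() at new line 923 is undocumented, and the two new parameters change what the function emits: `$name` selects the hidden field's name and `$referer = false` suppresses the referer field that wp_referer_field() would otherwise add, so callers that rely on the referer for redirect-back behaviour need to know to leave it on. Suggest a docblock stating the purpose, `@param int|string $action` (the nonce action, as passed to wp_create_nonce()), `@param string $name` (form field name, default `_wpnonce`) and `@param bool $referer` (whether wp_referer_field() is also emitted). As a point of style, `$name` goes through attribute_escape() while the wp_create_nonce() value is concatenated into the same attribute unescaped; the value is safe only because of the nonce's character set, and escaping both would make that self-evident. The double-quoted default `"_wpnonce"` also differs from the single-quoted strings elsewhere in the function.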