WordPress.org
Get WordPress

Make WordPress Core

Changeset 5040


Ignore:
Timestamp:
03/14/2007 11:12:47 PM (19 years ago)
Author:
markjaquith
Message:

nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for 2.1

Location:
branches/2.1
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • branches/2.1/wp-comments-post.php

    r4260 r5040  
    2626// If the user is logged in
    2727$user = wp_get_current_user();
    28 if ( $user->ID ) :
     28if ( $user->ID ) {
    2929    $comment_author       = $wpdb->escape($user->display_name);
    3030    $comment_author_email = $wpdb->escape($user->user_email);
    3131    $comment_author_url   = $wpdb->escape($user->user_url);
    32 else :
     32    if ( current_user_can('unfiltered_html') ) {
     33        if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
     34            kses_remove_filters(); // start with a clean slate
     35            kses_init_filters(); // set up the filters
     36        }
     37    }
     38} else {
    3339    if ( get_option('comment_registration') )
    3440        wp_die( __('Sorry, you must be logged in to post a comment.') );
    35 endif;
     41}
    3642
    3743$comment_type = '';

  • branches/2.1/wp-includes/comment-template.php

    r4656 r5040  
    272272}
    273273
     274function wp_comment_form_unfiltered_html_nonce() {
     275    global $post;
     276    if ( current_user_can('unfiltered_html') )
     277        wp_nonce_field('unfiltered-html-comment_' . $post->ID, '_wp_unfiltered_html_comment', false);
     278}
     279
    274280function comments_template( $file = '/comments.php' ) {
    275281    global $wp_query, $withcomments, $post, $wpdb, $id, $comment, $user_login, $user_ID, $user_identity;

  • branches/2.1/wp-includes/default-filters.php

    r4556 r5040  
    3131add_filter('pre_comment_author_email', 'wp_filter_kses');
    3232add_filter('pre_comment_author_url', 'wp_filter_kses');
     33
     34add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce');
    3335
    3436// Default filters for these functions

  • branches/2.1/wp-includes/functions.php

    r4952 r5040  
    921921}
    922922
    923 function wp_nonce_field($action = -1) {
    924     echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
    925     wp_referer_field();
     923function wp_nonce_field($action = -1, $name = "_wpnonce", $referer = true) {
     924    $name = attribute_escape($name);
     925    echo '<input type="hidden" name="' . $name . '" value="' . wp_create_nonce($action) . '" />';
     926    if ( $referer )
     927        wp_referer_field();
    926928}
    927929
Note: See TracChangeset for help on using the changeset viewer.