WordPress.org
Get WordPress

Make WordPress Core

Changeset 5041


Ignore:
Timestamp:
03/14/2007 11:13:36 PM (19 years ago)
Author:
markjaquith
Message:

nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for 2.0

Location:
branches/2.0
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • branches/2.0/wp-comments-post.php

    r4261 r5041  
    2626// If the user is logged in
    2727$user = wp_get_current_user();
    28 if ( $user->ID ) :
     28if ( $user->ID ) {
    2929    $comment_author       = $wpdb->escape($user->display_name);
    3030    $comment_author_email = $wpdb->escape($user->user_email);
    3131    $comment_author_url   = $wpdb->escape($user->user_url);
    32 else :
     32    if ( current_user_can('unfiltered_html') ) {
     33        if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
     34            kses_remove_filters(); // start with a clean slate
     35            kses_init_filters(); // set up the filters
     36        }
     37    }
     38} else {
    3339    if ( get_option('comment_registration') )
    3440        die( __('Sorry, you must be logged in to post a comment.') );
    35 endif;
     41}
    3642
    3743$comment_type = '';

  • branches/2.0/wp-includes/comment-functions.php

    r4672 r5041  
    22
    33// Template functions
     4
     5function wp_comment_form_unfiltered_html_nonce() {
     6    global $post;
     7    if ( current_user_can('unfiltered_html') )
     8        wp_nonce_field('unfiltered-html-comment_' . $post->ID, '_wp_unfiltered_html_comment', false);
     9}
    410
    511function comments_template( $file = '/comments.php' ) {

  • branches/2.0/wp-includes/default-filters.php

    r4247 r5041  
    3333add_filter('pre_comment_author_email', 'wp_filter_kses');
    3434add_filter('pre_comment_author_url', 'wp_filter_kses');
     35
     36add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce');
    3537
    3638// Default filters for these functions

  • branches/2.0/wp-includes/functions.php

    r5037 r5041  
    23732373}
    23742374
    2375 function wp_nonce_field($action = -1) {
    2376     echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
    2377     wp_referer_field();
     2375function wp_nonce_field($action = -1, $name = "_wpnonce", $referer = true) {
     2376    $name = attribute_escape($name);
     2377    echo '<input type="hidden" name="' . $name . '" value="' . wp_create_nonce($action) . '" />';
     2378    if ( $referer )
     2379        wp_referer_field();
    23782380}
    23792381
Note: See TracChangeset for help on using the changeset viewer.