Changeset 6138
- Timestamp:
- 09/19/2007 07:32:34 PM (17 years ago)
- File:
-
- 1 edited
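--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -350,4 +350,10 @@
 if ( !function_exists('check_ajax_referer') ) :
 function check_ajax_referer() {
+$current_name = '';
+if ( ( $current = wp_get_current_user() ) && $current->ID )
+$current_name = $current->data->user_login;
+if ( !$current_name )
+die('-1');
+
 $cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
 foreach ( $cookie as $tasty ) {
@@ -357,5 +363,6 @@
 $pass = substr(strstr($tasty, '='), 1);
 }
-if ( !wp_login( $user, $pass, true ) )
+
+if ( $current_name != $user || !wp_login( $user, $pass, true ) )
 die('-1');
 do_action('check_ajax_referer');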
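Review bot: The new identity guard `$current_name != $user` in the second hunk uses PHP's loose comparison, so two different logins that both look numeric (constructed example: `1e3` and `1000`) compare equal and the check passes for a cookie that names another account. `wp_login()` must still accept that cookie's credentials, so this is a hardening gap rather than a bypass on its own, but the line should read `if ( $current_name !== $user || !wp_login( $user, $pass, true ) )`. The loop that assigns `$user` and `$pass` is elided from the page, so whether both are always set before this comparison cannot be confirmed here. The function body also continues past the end of the hunk.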