Changeset 6213 for trunk/wp-includes/pluggable.php
- Timestamp:
- 10/09/2007 10:49:42 PM (17 years ago)
- File:
-
- 1 edited
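--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -347,21 +347,24 @@
 
 if ( !function_exists('check_ajax_referer') ) :
-function check_ajax_referer() {
-$current_name = '';
-if ( ( $current = wp_get_current_user() ) && $current->ID )
-$current_name = $current->data->user_login;
-if ( !$current_name )
-die('-1');
-
-$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
-foreach ( $cookie as $tasty ) {
-if ( false !== strpos($tasty, USER_COOKIE) )
-$user = substr(strstr($tasty, '='), 1);
-if ( false !== strpos($tasty, PASS_COOKIE) )
-$pass = substr(strstr($tasty, '='), 1);
-}
-
-if ( $current_name != $user || !wp_login( $user, $pass, true ) )
-die('-1');
+function check_ajax_referer( $action = -1 ) {
+$nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
+if ( !wp_verify_nonce( $nonce, $action ) ) {
+$current_name = '';
+if ( ( $current = wp_get_current_user() ) && $current->ID )
+$current_name = $current->data->user_login;
+if ( !$current_name )
+die('-1');
+
+$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
+foreach ( $cookie as $tasty ) {
+if ( false !== strpos($tasty, USER_COOKIE) )
+$user = substr(strstr($tasty, '='), 1);
+if ( false !== strpos($tasty, PASS_COOKIE) )
+$pass = substr(strstr($tasty, '='), 1);
+}
+
+if ( $current_name != $user || !wp_login( $user, $pass, true ) )
+die('-1');
+}
 do_action('check_ajax_referer');
 }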
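Review bot: A failed `wp_verify_nonce( $nonce, $action )` does not reject the request; it falls through to the old cookie check, so a caller that passes `$action` gets no guarantee that an action-scoped nonce was actually presented. If the fallback is kept for older scripts, say so in a comment above the `if`, e.g. `// Legacy path: accepts cookie=document.cookie when no valid nonce is sent; not bound to $action.`, since it also keeps the auth cookie travelling in request parameters (and in access logs when sent via GET). The new `$nonce` line reads `$_REQUEST['_ajax_nonce']` and `$_REQUEST['_wpnonce']` without checking that they exist; `$nonce = isset($_REQUEST['_ajax_nonce']) ? $_REQUEST['_ajax_nonce'] : ( isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '' );` avoids the undefined-index notices. In the fallback, `$user` and `$pass` stay undefined when the submitted string holds neither cookie, so initialising both to `''` before the `foreach` would make the final comparison well defined.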