
Changeset 6400


Timestamp:
12/17/07 21:12:28 (8 years ago)
Author:
ryan
Message:

Fix AJAX cookie validation. see #5367

File:
1 edited

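--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -434,8 +434,8 @@
     $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
     if ( !wp_verify_nonce( $nonce, $action ) ) {
-        $current_name = '';
+        $current_id = '';
         if ( ( $current = wp_get_current_user() ) && $current->ID )
-            $current_name = $current->user_login;
-        if ( !$current_name )
+            $current_id = $current->ID;
+        if ( !$current_id )
             die('-1');
 
@@ -447,5 +447,11 @@
         }
 
-        if ( $current_name != $user || empty($auth_cookie) || !wp_validate_auth_cookie( $auth_cookie ) )
+        if ( empty($auth_cookie) )
+            die('-1');
+
+        if ( ! $user_id = wp_validate_auth_cookie( $auth_cookie ) )
+            die('-1');
+
+        if ( $current_id != $user_id )
             die('-1');
     }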
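Review bot: The final identity check on new line 455, `if ( $current_id != $user_id )`, uses a loose comparison, so whether it rejects a mismatched user depends on PHP type juggling rather than on the two IDs being equal. The return type of `wp_validate_auth_cookie()` is not visible in this changeset; if it ever yields boolean `true` or a non-canonical numeric string instead of an integer ID, `!=` would treat it as equal to any non-zero `$current_id` and the request would pass. Casting both sides and comparing strictly removes that dependency: `if ( (int) $current_id !== (int) $user_id )`. Initialising `$current_id` to `0` rather than `''` on line 436 would keep the variable's type consistent with that check. The enclosing function starts and ends outside the lines shown, and lines 442–446, where `$auth_cookie` is extracted, are elided, so this covers only the visible checks.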