
Changeset 6400


Timestamp:
12/17/2007 09:12:28 PM (10 years ago)
Author:
ryan
Message:

Fix AJAX cookie validation. see #5367

File:
1 edited

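--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -434,8 +434,8 @@
     $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
     if ( !wp_verify_nonce( $nonce, $action ) ) {
-        $current_name = '';
+        $current_id = '';
         if ( ( $current = wp_get_current_user() ) && $current->ID )
-            $current_name = $current->user_login;
-        if ( !$current_name )
+            $current_id = $current->ID;
+        if ( !$current_id )
             die('-1');
 
@@ -447,5 +447,11 @@
         }
 
-        if ( $current_name != $user || empty($auth_cookie) || !wp_validate_auth_cookie( $auth_cookie ) )
+        if ( empty($auth_cookie) )
+            die('-1');
+
+        if ( ! $user_id = wp_validate_auth_cookie( $auth_cookie ) )
+            die('-1');
+   
+        if ( $current_id != $user_id )
             die('-1');
     }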
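Review bot: The final identity check in the second hunk, `if ( $current_id != $user_id )`, uses a loose comparison between two values whose types are not pinned down in the visible lines, so PHP type juggling decides whether the cookie's user is the session's user. Both values are already known to be non-empty at that point because of the earlier `die('-1')` guards, so `if ( (int) $current_id !== (int) $user_id )` states the intent without relying on juggling. This block also runs only after `wp_verify_nonce()` has failed, and the lines that populate `$auth_cookie` (442–446) are not shown, so a comment above the cookie checks such as `// Nonce check failed: only continue if a valid auth cookie identifies the same user as the current session.` would record why the fallback is considered an acceptable substitute for the nonce. The enclosing function starts and ends outside the shown lines.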