Changeset 6739

Timestamp:

02/06/2008 09:19:47 PM (18 years ago)

Author:

ryan

Message:

Remove cookie checking from check_ajax_referer(). Check nonces instead. Props mdawaffe. fixes #5782

Location:

trunk

Files:

• wp-admin/admin-ajax.php (modified) (2 diffs)
• wp-admin/edit-form-advanced.php (modified) (1 diff)
• wp-admin/edit-form.php (modified) (1 diff)
• wp-admin/edit-page-form.php (modified) (1 diff)
• wp-includes/js/autosave.js (modified) (3 diffs)
• wp-includes/pluggable.php (modified) (2 diffs)
• wp-includes/script-loader.php (modified) (1 diff)

trunk/wp-admin/admin-ajax.php

@@ -468 +468 @@
     break;
 case 'autosave' : // The name of this action is hardcoded in edit_post()
-    check_ajax_referer( $action );
+    check_ajax_referer( 'autosave', 'autosavenonce' );
     $_POST['post_content'] = $_POST['content'];
     $_POST['post_excerpt'] = $_POST['excerpt'];
@@ -500 +500 @@
 break;
 case 'autosave-generate-nonces' :
-    check_ajax_referer( $action );
+    check_ajax_referer( 'autosave', 'autosavenonce' );
     $ID = (int) $_POST['post_ID'];
     if($_POST['post_type'] == 'post') {

trunk/wp-admin/edit-form-advanced.php

@@ -89 +89 @@
 <h3><?php _e('Post') ?></h3>
 <?php the_editor($post->post_content); ?>
+<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
 </div>
 

trunk/wp-admin/edit-form.php

@@ -40 +40 @@
 ?>
 <div><textarea rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content"><?php echo $post->post_content ?></textarea></div>
+<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
 </fieldset>
 

trunk/wp-admin/edit-page-form.php

@@ -57 +57 @@
 <h3><?php _e('Page') ?></h3>
 <?php the_editor($post->post_content); ?>
+<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
 </div>
 

trunk/wp-includes/js/autosave.js

@@ -37 +37 @@
             action: "autosave-generate-nonces",
             post_ID: res,
-            cookie: document.cookie,
+            autosavenonce: jQuery('#autosavenonce').val(),
             post_type: jQuery('#post_type').val()
         }, function(html) {
@@ -88 +88 @@
             post_ID:  jQuery("#post_ID").val() || 0,
             post_title: jQuery("#title").val() || "",
-            cookie: document.cookie,
+            autosavenonce: jQuery('#autosavenonce').val(),
             tags_input: jQuery("#tags-input").val() || "",
             post_type: jQuery('#post_type').val() || ""
@@ -100 +100 @@
     } 
     
-    post_data["content"] = jQuery("#content").val();
+    post_data["content"] = jQuery("#content").val();
 
     if(post_data["post_title"].length==0 || post_data["content"].length==0 || post_data["post_title"] + post_data["content"] == autosaveLast) {

trunk/wp-includes/pluggable.php

@@ -636 +636 @@
  *
  * @param string $action Action nonce
- */
-function check_admin_referer($action = -1) {
+ * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
+ */
+function check_admin_referer($action = -1, $query_arg = '_wpnonce' ) {
     $adminurl = strtolower(get_option('siteurl')).'/wp-admin';
     $referer = strtolower(wp_get_referer());
-    if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
+    if ( !wp_verify_nonce($_REQUEST[$query_arg], $action) &&
         !(-1 == $action && strpos($referer, $adminurl) !== false)) {
         wp_nonce_ays($action);
@@ -655 +656 @@
  *
  * @param string $action Action nonce
- */
-function check_ajax_referer( $action = -1 ) {
-    $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
-    if ( !wp_verify_nonce( $nonce, $action ) ) {
-        $current_id = '';
-        if ( ( $current = wp_get_current_user() ) && $current->ID )
-            $current_id = $current->ID;
-        if ( !$current_id )
-            die('-1');
-
-        $auth_cookie = '';
-        $cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
-        foreach ( $cookie as $tasty ) {
-            if ( false !== strpos($tasty, AUTH_COOKIE . '=') ) {
-                $auth_cookie = substr(strstr($tasty, '='), 1);
-                break;
-            }
-        }
-
-        if ( empty($auth_cookie) )
-            die('-1');
-
-        if ( ! $user_id = wp_validate_auth_cookie( $auth_cookie ) )
-            die('-1');
-
-        if ( $current_id != $user_id )
-            die('-1');
-    }
+ * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
+ */
+function check_ajax_referer( $action = -1, $query_arg = false ) {
+    if ( $query_arg )
+        $nonce = $_REQUEST[$query_arg];
+    else
+        $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
+
+    if ( !wp_verify_nonce( $nonce, $action ) ) 
+        die('-1');
+
     do_action('check_ajax_referer');
 }

trunk/wp-includes/script-loader.php

@@ -38 +38 @@
         $this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.6');
 
-        $this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080104');
+        $this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080206');
         $this->localize( 'autosave', 'autosaveL10n', array(
             'autosaveInterval' => apply_filters('autosave_interval', '120'),