Context Navigation

← Previous Changeset
Next Changeset →

Changeset 9025

Timestamp:

09/28/2008 09:05:37 PM (17 years ago)

Author:

westi

Message:

Protect log out actions against CSRF. Props markjaquith and ionfish. Fixes #7790.

Location:

trunk

Files:

: 8 edited

wp-admin/admin-header.php (modified) (1 diff)
wp-content/themes/classic/comments-popup.php (modified) (1 diff)
wp-content/themes/classic/comments.php (modified) (1 diff)
wp-content/themes/default/comments-popup.php (modified) (1 diff)
wp-content/themes/default/comments.php (modified) (1 diff)
wp-includes/functions.php (modified) (2 diffs)
wp-includes/general-template.php (modified) (1 diff)
wp-login.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/wp-admin/admin-header.php

r9021	r9025
151	151	<?php } ?>
152	152
153		<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> \| <a href="<?php echo ~~site_url('wp-login.php?action=logout', 'login'~~) ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> <?php if ( ! $is_opera ) { ?> \| <span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Turbo') ?></a></span><?php } ?></p></div>
	153	<div id="user_info"><p><?php printf(__('Howdy, <a href="%1$s">%2$s</a>!'), 'profile.php', $user_identity) ?> \| <a href="<?php echo wp_logout_url() ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a> <?php if ( ! $is_opera ) { ?> \| <span id="gears-menu"><a href="#" onclick="wpGears.message(1);return false;"><?php _e('Turbo') ?></a></span><?php } ?></p></div>
154	154
155	155	<?php

trunk/wp-content/themes/classic/comments-popup.php

r8999	r9025
63	63	<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
64	64	<?php if ( $user_ID ) : ?>
65		<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo ~~get_option('siteurl'); ?>/wp-login.php?action=logout~~" title="<?php echo attribute_escape(__('Log out of this account')); ?>"><?php _e('Log out »'); ?></a></p>
	65	<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(); ?>" title="<?php echo attribute_escape(__('Log out of this account')); ?>"><?php _e('Log out »'); ?></a></p>
66	66	<?php else : ?>
67	67	<p>

trunk/wp-content/themes/classic/comments.php

r8999	r9025
50	50	<?php if ( $user_ID ) : ?>
51	51
52		<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo ~~get_option('siteurl'); ?>/wp-login.php?action=logout~~" title="<?php _e('Log out of this account') ?>"><?php _e('Log out »'); ?></a></p>
	52	<p><?php printf(__('Logged in as %s.'), '<a href="'.get_option('siteurl').'/wp-admin/profile.php">'.$user_identity.'</a>'); ?> <a href="<?php echo wp_logout_url(get_permalink()); ?>" title="<?php _e('Log out of this account') ?>"><?php _e('Log out »'); ?></a></p>
53	53
54	54	<?php else : ?>

trunk/wp-content/themes/default/comments-popup.php

r8999	r9025
63	63	<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
64	64	<?php if ( $user_ID ) : ?>
65		<p>Logged in as <a href="<?php echo get_option('siteurl'); ?>/wp-admin/profile.php"><?php echo $user_identity; ?></a>. <a href="<?php echo ~~get_option('siteurl'); ?>/wp-login.php?action=logout~~" title="Log out of this account">Log out »</a></p>
	65	<p>Logged in as <a href="<?php echo get_option('siteurl'); ?>/wp-admin/profile.php"><?php echo $user_identity; ?></a>. <a href="<?php echo wp_logout_url(get_permalink()); ?>" title="Log out of this account">Log out »</a></p>
66	66	<?php else : ?>
67	67	<p>

trunk/wp-content/themes/default/comments.php

r8999	r9025
59	59	<?php if ( $user_ID ) : ?>
60	60
61		<p>Logged in as <a href="<?php echo get_option('siteurl'); ?>/wp-admin/profile.php"><?php echo $user_identity; ?></a>. <a href="<?php echo ~~get_option('siteurl'); ?>/wp-login.php?action=logout~~" title="Log out of this account">Log out »</a></p>
	61	<p>Logged in as <a href="<?php echo get_option('siteurl'); ?>/wp-admin/profile.php"><?php echo $user_identity; ?></a>. <a href="<?php echo wp_logout_url(get_permalink()); ?>" title="Log out of this account">Log out »</a></p>
62	62
63	63	<?php else : ?>

trunk/wp-includes/functions.php

-                      r9013
+                      r9025
         $trans['switch']['theme']      = array( __( 'Your attempt to switch to this theme: &quot;%s&quot; has failed.' ), 'use_id' );
+        $trans['log']['out']           = array( sprintf( __( 'You are attempting to log out of %s' ), get_bloginfo( 'sitename' ) ), false );
         if ( isset( $trans[$verb][$noun] ) ) {
             if ( !empty( $trans[$verb][$noun][1] ) ) {
 …
     if ( wp_get_referer() )
         $html .= "</p><p><a href='" . remove_query_arg( 'updated', clean_url( wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
+    elseif ( 'log-out' == $action )
+        $html .= "</p><p>" . sprintf( __( "Do you really want to <a href='%s'>log out</a>?"), wp_nonce_url( site_url('wp-login.php?action=logout', 'login'), 'log-out' ) );
     wp_die( $html, $title);
+}

trunk/wp-includes/general-template.php

-                      r9019
+                      r9025
 function wp_loginout() {
     if ( ! is_user_logged_in() )
         $link = '<a href="' . site_url('wp-login.php', 'login') . '">' . __('Log in') . '</a>';
+        $link = '<a href="' . wp_login_url() . '">' . __('Log in') . '</a>';
     else
         $link = '<a href="' . site_url('wp-login.php?action=logout', 'login') . '">' . __('Log out') . '</a>';
+        $link = '<a href="' . wp_logout_url() . '">' . __('Log out') . '</a>';
     echo apply_filters('loginout', $link);
+}
+/**
+ * Returns the Log Out URL.
+ *
+ * Returns the URL that allows the user to log out of the site
+ *
+ * @since 2.7
+ * @uses wp_nonce_url() To protect against CSRF
+ * @uses site_url() To generate the log in URL
+ *
+ * @param string $redirect Path to redirect to on logout.
+ */
+function wp_logout_url($redirect = '') {
+    if ( strlen($redirect) )
+        $redirect = "&redirect_to=$redirect";
+    return wp_nonce_url( site_url("wp-login.php?action=logout$redirect", 'login'), 'log-out' );
+}
+/**
+ * Returns the Log In URL.
+ *
+ * Returns the URL that allows the user to log in to the site
+ *
+ * @since 2.7
+ * @uses site_url() To generate the log in URL
+ *
+ * @param string $redirect Path to redirect to on login.
+ */
+function wp_login_url($redirect = '') {
+    if ( strlen($redirect) )
+        $redirect = "?redirect_to=$redirect";
+    return site_url("wp-login.php$redirect", 'login');
+}

trunk/wp-login.php

r8952	r9025
273	273
274	274	case 'logout' :
275
	275	check_admin_referer('log-out');
276	276	wp_logout();
277	277

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core