Make WordPress Core

Opened 9 years ago

Closed 6 years ago

#10739 closed defect (bug) (fixed)

Pass logged_in cookie to async-upload

Reported by: nbachiyski
Owned by:
Milestone: 2.9
Priority: normal
Severity: normal
Version: 2.9
Component: Security
Keywords: needs-patch
Focuses:
Cc:


Currently only the auth cookie is sent to async-upload.php. If a plugin has filtered the scheme in auth_redirect(), the logged_in cookie might be needed, too.

Attachments (1)

pass-logged-in-cookie-to-async-upload.diff (1.2 KB) - added by nbachiyski 9 years ago.


Change History (9)

#1 @ryan
9 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11904]) Pass logged_in cookie to async-upload. Props nbachiyski. fixes #10739

#2 @azaozz
9 years ago

  • Keywords reporter-feedback added; has-patch removed
  • Resolution fixed deleted
  • Status changed from closed to reopened

This doesn't look good... We make the cookies not accessible by JS and at the same time put them in plain view and accept them in the GET request.

Perhaps we could look at making a short-lived (30 min?) nonce for the flash uploader, would be way more secure.
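One way to build the short-lived token azaozz proposes, as an added illustration written for this page (it is not WordPress's own wp_create_nonce() implementation and not the code in the attached patch). Assumptions: a 30-minute tick as suggested above, an HMAC-SHA256 over tick, user id and action, a constructed demo secret, and a one-tick grace period so a token issued late in a window is not rejected at once. Unlike a cookie value copied into a GET URL, such a token stops working after the window passes and is useless for any other user or action.

```python
import hashlib
import hmac
import time

# Assumed lifetime: one tick is the 30 minutes suggested in the comment.
TICK_SECONDS = 30 * 60

# Constructed secret for the demonstration only; a real site would derive
# this from its installation-specific secret keys.
SECRET = b"constructed-demo-secret-not-for-production"


def _tick(now: float) -> int:
    """Index of the 30-minute window that `now` falls in."""
    return int(now // TICK_SECONDS)


def _mac(secret: bytes, tick: int, user_id: int, action: str) -> str:
    """HMAC-SHA256 binding the window, the user and the action together."""
    msg = f"{tick}|{user_id}|{action}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:24]


def make_upload_nonce(secret: bytes, user_id: int, action: str, now=None) -> str:
    """Token handed to the uploader instead of the session cookie value."""
    now = time.time() if now is None else now
    return _mac(secret, _tick(now), user_id, action)


def verify_upload_nonce(secret: bytes, user_id: int, action: str,
                        nonce: str, now=None) -> bool:
    """Server-side check on the upload request.

    Accepts the current window and the one before it, so the effective
    lifetime is between 30 and 60 minutes. Comparison is constant-time.
    """
    now = time.time() if now is None else now
    current = _tick(now)
    for tick in (current, current - 1):
        if hmac.compare_digest(_mac(secret, tick, user_id, action), nonce):
            return True
    return False


if __name__ == "__main__":
    t0 = 1_700_000_000.0  # constructed fixed timestamp for a repeatable run
    token = make_upload_nonce(SECRET, 42, "async-upload", now=t0)
    print("same window   :", verify_upload_nonce(SECRET, 42, "async-upload", token, now=t0))
    print("two hours on  :", verify_upload_nonce(SECRET, 42, "async-upload", token, now=t0 + 7200))
    print("other user    :", verify_upload_nonce(SECRET, 43, "async-upload", token, now=t0))
```

The token still travels in the request like the cookie did, so the design gain is not secrecy of the channel but blast radius: a value that leaks through a log, referer or browser history expires within an hour and grants only the one action it was minted for, whereas a leaked session cookie is good for the whole session.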

#3 @scribu
9 years ago

  • Component changed from Upload to Security
  • Milestone changed from Unassigned to 2.9
  • Version set to 2.9

#4 @nacin
9 years ago

  • Milestone changed from 2.9 to 3.0

#5 @scribu
9 years ago

  • Keywords needs-patch added; reporter-feedback removed

#6 @nacin
8 years ago

  • Milestone changed from 3.0 to 3.1

#7 @nacin
8 years ago

  • Milestone changed from Awaiting Triage to Future Release

#8 @nacin
6 years ago

  • Milestone changed from Future Release to 2.9
  • Resolution set to fixed
  • Status changed from reopened to closed