Make WordPress Core

Opened 5 years ago

Closed 19 months ago

#10739 closed defect (bug) (fixed)

Pass logged_in cookie to async-upload

Reported by: nbachiyski
Owned by:
Milestone: 2.9
Priority: normal
Severity: normal
Version: 2.9
Component: Security
Keywords: needs-patch
Focuses:
Cc:

Description

Currently only the auth cookie is sent to async-upload.php. If a plugin has filtered the scheme in auth_redirect() the logged_in cookie might be needed, too.

Attachments (1)

pass-logged-in-cookie-to-async-upload.diff (1.2 KB) - added by nbachiyski 5 years ago.

Change History (9)

comment:1 ryan 5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11904]) Pass logged_in cookie to async-upload. Props nbachiyski. fixes #10739

comment:2 azaozz 5 years ago

  • Keywords reporter-feedback added; has-patch removed
  • Resolution fixed deleted
  • Status changed from closed to reopened

This doesn't look good... We make the cookies not accessible by JS and at the same time put them in plain view and accept them in the GET request.

Perhaps we could look at making a short-lived (30 min?) nonce for the flash uploader, would be way more secure.
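An added example (not WordPress's own code and not the patch committed in [11904]) of the alternative raised in comment:2: a short-lived nonce bound to the user and the upload action, which the uploader can carry instead of the raw auth or logged_in cookie values. The secret, user id and timestamps below are constructed placeholders; real WordPress code would use wp_create_nonce() and wp_verify_nonce(), which derive nonces from the site's salts and have a longer default lifespan.

```php
<?php
// Added example, not WordPress core code: a 30-minute, action-bound nonce
// for the uploader, so the session cookies never travel in the GET request.

const UPLOAD_NONCE_LIFESPAN = 1800; // 30 minutes, as proposed in comment:2

// The tick advances every half-lifespan; accepting the current and the
// previous tick means a nonce lives between 15 and 30 minutes.
function upload_nonce_tick(int $now, int $lifespan = UPLOAD_NONCE_LIFESPAN): int {
    return (int) ceil($now / ($lifespan / 2));
}

// Derive a short, keyed value from the tick, the action and the user id.
// Knowing the nonce reveals nothing about the cookies it replaces.
function upload_nonce_for_tick(string $secret, int $tick, int $userId, string $action): string {
    return substr(hash_hmac('sha256', "$tick|$action|$userId", $secret), -12, 10);
}

function create_upload_nonce(string $secret, int $userId, int $now, string $action = 'async-upload'): string {
    return upload_nonce_for_tick($secret, upload_nonce_tick($now), $userId, $action);
}

// Returns 1 for a nonce from the current tick, 2 for the previous tick,
// false otherwise. hash_equals() keeps the comparison constant-time.
function verify_upload_nonce(string $nonce, string $secret, int $userId, int $now, string $action = 'async-upload') {
    $tick = upload_nonce_tick($now);
    if (hash_equals(upload_nonce_for_tick($secret, $tick, $userId, $action), $nonce)) {
        return 1;
    }
    if (hash_equals(upload_nonce_for_tick($secret, $tick - 1, $userId, $action), $nonce)) {
        return 2;
    }
    return false;
}

// Demonstration with a constructed secret, user id and issue time.
$secret = 'constructed-example-secret-not-a-real-salt';
$uid    = 42;
$issued = 1700000000;

$nonce = create_upload_nonce($secret, $uid, $issued);
var_dump(verify_upload_nonce($nonce, $secret, $uid, $issued));        // same window
var_dump(verify_upload_nonce($nonce, $secret, $uid, $issued + 900));  // next tick, still inside the lifespan
var_dump(verify_upload_nonce($nonce, $secret, $uid, $issued + 3600)); // an hour later, outside the lifespan
var_dump(verify_upload_nonce($nonce, $secret, $uid + 1, $issued));    // a different user
```

The handler receiving the upload would verify the nonce against the user identified by the session and reject the request on false, rather than trusting cookie values echoed back in the query string.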

comment:3 scribu 5 years ago

  • Component changed from Upload to Security
  • Milestone changed from Unassigned to 2.9
  • Version set to 2.9

comment:4 nacin 4 years ago

  • Milestone changed from 2.9 to 3.0

comment:5 scribu 4 years ago

  • Keywords needs-patch added; reporter-feedback removed

comment:6 nacin 4 years ago

  • Milestone changed from 3.0 to 3.1

comment:7 nacin 3 years ago

  • Milestone changed from Awaiting Triage to Future Release

comment:8 nacin 19 months ago

  • Milestone changed from Future Release to 2.9
  • Resolution set to fixed
  • Status changed from reopened to closed