Opened 6 years ago

Closed 3 years ago

#10739 closed defect (bug) (fixed)

Pass logged_in cookie to async-upload

Reported by: nbachiyski
Owned by:
Milestone: 2.9
Priority: normal
Severity: normal
Version: 2.9
Component: Security
Keywords: needs-patch
Focuses:
Cc:

Description

Currently only the auth cookie is sent to async-upload.php. If a plugin has filtered the scheme in auth_redirect() the logged_in cookie might be needed, too.

Attachments (1)

pass-logged-in-cookie-to-async-upload.diff (1.2 KB) - added by nbachiyski 6 years ago.

Change History (9)

comment:1 @ryan 6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11904]) Pass logged_in cookie to async-upload. Props nbachiyski. fixes #10739

comment:2 @azaozz 6 years ago

  • Keywords reporter-feedback added; has-patch removed
  • Resolution fixed deleted
  • Status changed from closed to reopened

This doesn't look good... We make the cookies not accessible by JS and at the same time put them in plain view and accept them in the GET request.

Perhaps we could look at making a short-lived (30 min?) nonce for the flash uploader, would be way more secure.
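
The following is an added illustration, not code from this ticket or from WordPress core, of the alternative floated in comment 2: a short-lived, purpose-bound token for the uploader instead of copying the HttpOnly auth and logged_in cookie values into a GET request, where they end up in server logs and Referer headers. The function names, the `$secret` value and the user id are hypothetical; the only assumption is that the server holds a secret the client never sees. The token grants only the upload action, for only 30 minutes, and carries the user id itself, so the receiving script does not need the session cookies to know who is uploading.

```php
<?php
// Added example (hypothetical helpers, not WordPress core API): a 30-minute
// upload token bound to one purpose and one user, signed with a server secret.

const UPLOAD_TOKEN_TTL = 30 * 60; // 30 minutes, the lifetime suggested in comment 2

// Issue a token of the form "<user_id>.<expires>.<hmac>".
// $secret is a server-side secret that is never sent to the client (assumption).
function issue_upload_token(string $secret, int $user_id, int $now): string
{
    $expires = $now + UPLOAD_TOKEN_TTL;
    // The signed payload names the purpose, so the token cannot be replayed
    // against any other endpoint, and includes the expiry so it cannot be extended.
    $payload = "async-upload|$user_id|$expires";
    $mac     = hash_hmac('sha256', $payload, $secret);
    return "$user_id.$expires.$mac";
}

// Verify a token and return the user id it was issued to, or null if it is
// malformed, expired or has a bad signature.
function verify_upload_token(string $secret, string $token, int $now): ?int
{
    $parts = explode('.', $token, 3);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null; // malformed
    }
    [$user_id, $expires, $mac] = $parts;
    if ((int) $expires < $now) {
        return null; // expired: a token leaked through a log line is useless after 30 minutes
    }
    $expected = hash_hmac('sha256', "async-upload|$user_id|$expires", $secret);
    // Constant-time comparison so the check does not leak the MAC byte by byte.
    if (!hash_equals($expected, $mac)) {
        return null; // tampered or forged
    }
    return (int) $user_id;
}

// Stand-alone demonstration with constructed values.
$secret  = 'constructed-server-secret-for-demo-only';
$user_id = 42;
$now     = time();

$token = issue_upload_token($secret, $user_id, $now);

// fresh token, unmodified
echo 'fresh:    ', var_export(verify_upload_token($secret, $token, $now), true), "\n";
// same token presented one second after its 30-minute lifetime
echo 'expired:  ', var_export(verify_upload_token($secret, $token, $now + UPLOAD_TOKEN_TTL + 1), true), "\n";
// same token with a different user id spliced in front
echo 'reuser:   ', var_export(verify_upload_token($secret, preg_replace('/^42\./', '43.', $token), $now), true), "\n";
// token with its signature altered
echo 'tampered: ', var_export(verify_upload_token($secret, $token . 'x', $now), true), "\n";
```

The contrast with the approach the ticket's patch takes is the blast radius of a leak: the auth cookie is the session itself and stays valid until it expires or the user logs out, whereas the token above is useless outside async-upload.php, for any other user, or after half an hour.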

comment:3 @scribu 6 years ago

  • Component changed from Upload to Security
  • Milestone changed from Unassigned to 2.9
  • Version set to 2.9

comment:4 @nacin 6 years ago

  • Milestone changed from 2.9 to 3.0

comment:5 @scribu 6 years ago

  • Keywords needs-patch added; reporter-feedback removed

comment:6 @nacin 5 years ago

  • Milestone changed from 3.0 to 3.1

comment:7 @nacin 5 years ago

  • Milestone changed from Awaiting Triage to Future Release

comment:8 @nacin 3 years ago

  • Milestone changed from Future Release to 2.9
  • Resolution set to fixed
  • Status changed from reopened to closed