Make WordPress Core

Opened 17 years ago

Closed 17 years ago

Last modified 3 years ago

#5782 closed enhancement (fixed)

check_*_referer should be able to look for nonce in any query parameter

Reported by: mdawaffe
Owned by:
Milestone: 2.5
Priority: normal
Severity: normal
Version:
Component: General
Keywords: has-patch needs-testing
Focuses:
Cc:

Description

Adding an optional parameter to check_admin_referer() and check_ajax_referer() allows more than nonce to be generated on one page, increasing the flexibility of nonce checking.

It also allows us to get rid of the problematic cookie code in check_ajax_referer() and to rely solely on nonces.

Attached:

  1. Adds parameter.
  2. Converts autosave to use nonces for verification (the last holdout?).
  3. Removes cookie code from check_ajax_referer(). Good for core (we can make sure all of our other ajax actions use nonces). May break some plugins.

Attachments (1)

5782.diff (6.0 KB) - added by mdawaffe 17 years ago.
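
A usage sketch of the optional parameter described above, added here as an illustration; it is not taken from 5782.diff or from WordPress core. It assumes a current WordPress install loading this file as a plugin, and the plugin name, action names, request parameter names and option key are all hypothetical.

```php
<?php
/**
 * Plugin Name: Two Nonces Demo (hypothetical example)
 */

// Hypothetical nonce actions, one per operation on the same page.
const DEMO_SAVE_ACTION   = 'demo_save_note';
const DEMO_DELETE_ACTION = 'demo_delete_note';

add_action( 'admin_menu', function () {
    add_management_page( 'Nonce demo', 'Nonce demo', 'manage_options', 'nonce-demo', 'demo_render_page' );
} );

function demo_render_page() {
    if ( isset( $_POST['demo_note'] ) ) {
        // Look for the nonce in 'demo_save_nonce' rather than the default '_wpnonce'.
        // The request is terminated here if the nonce is missing or invalid.
        check_admin_referer( DEMO_SAVE_ACTION, 'demo_save_nonce' );
        update_option( 'demo_note', sanitize_text_field( wp_unslash( $_POST['demo_note'] ) ) );
    }
    ?>
    <form method="post">
        <?php wp_nonce_field( DEMO_SAVE_ACTION, 'demo_save_nonce' ); ?>
        <input type="text" name="demo_note" value="<?php echo esc_attr( get_option( 'demo_note', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
        <button type="button" id="demo-delete"
            data-nonce="<?php echo esc_attr( wp_create_nonce( DEMO_DELETE_ACTION ) ); ?>">Delete</button>
    </form>
    <script>
    // Second nonce on the same page, sent in its own request parameter.
    document.getElementById('demo-delete').addEventListener('click', function () {
        var body = new URLSearchParams({ action: 'demo_delete_note', demo_delete_nonce: this.dataset.nonce });
        fetch(ajaxurl, { method: 'POST', credentials: 'same-origin', body: body });
    });
    </script>
    <?php
}

// AJAX handler: the nonce, not the login cookie alone, ties the request to our page.
add_action( 'wp_ajax_demo_delete_note', function () {
    check_ajax_referer( DEMO_DELETE_ACTION, 'demo_delete_nonce' ); // terminates on mismatch
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // a nonce is not an authorization check
    }
    delete_option( 'demo_note' );
    wp_send_json_success();
} );
```

A plugin that relied on the cookie check in check_ajax_referer() would need the same change: emit a nonce with the page and verify it by name in the handler.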


Change History (3)

@mdawaffe
17 years ago

#1 @mdawaffe
17 years ago

s/more than nonce/more than one nonce/

#2 @ryan
17 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6739]) Remove cookie checking from check_ajax_referer(). Check nonces instead. Props mdawaffe. fixes #5782
