Ticket #2678: nonce.diff

wp-includes/functions-compat.php

@@ -98 +98 @@
-    }
-}
-
+// From php.net
+if(!function_exists('http_build_query')) {
+   function http_build_query( $formdata, $numeric_prefix = null, $key = null ) {
+       $res = array();
+       foreach ((array)$formdata as $k=>$v) {
+           $tmp_key = urlencode(is_int($k) ? $numeric_prefix.$k : $k);
+           if ($key) $tmp_key = $key.'['.$tmp_key.']';
+           $res[] = ( ( is_array($v) || is_object($v) ) ? http_build_query($v, null, $tmp_key) : $tmp_key."=".urlencode($v) );
+       }
+       $separator = ini_get('arg_separator.output');
+       return implode($separator, $res);
+   }
+}
-?>

wp-includes/functions.php

@@ -1663 +1663 @@
-        return $installed;
-}
-
+function wp_nonce_url($actionurl, $action = -1) {
+        return add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl);
+}
+
+function wp_nonce_field($action = -1) {
+        echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
+}
+
-?>

wp-includes/pluggable-functions.php

@@ -228 +228 @@
-endif;
-
-if ( !function_exists('check_admin_referer') ) :
-
+
+
-        $adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
-        $referer = strtolower($_SERVER['HTTP_REFERER']);
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-        do_action('check_admin_referer');
-
-
+
-
-if ( !function_exists('check_ajax_referer') ) :
-function check_ajax_referer() {
@@ -460 +480 @@
-}
-endif;
-
+if ( !function_exists('wp_verify_nonce') ) :
+function wp_verify_nonce($nonce, $action = -1) {
+        $user = wp_get_current_user();
+        $uid = $user->id;
+
+        $i = ceil(time() / 43200);
+
+        //Allow for expanding range, but only do one check if we can
+        if( substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) == $nonce || substr(md5(($i - 1) . DB_PASSWORD . $action . $uid), -12, 10) == $nonce )
+                return true;
+        return false;
+}
+endif;
+
+if ( !function_exists('wp_create_nonce') ) :
+function wp_create_nonce($action = -1) {
+        $user = wp_get_current_user();
+        $uid = $user->id;
+
+        $i = ceil(time() / 43200);
+        
+        return substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10);
+}
+endif;
+
-?>

wp-admin/inline-uploading.php

@@ -2 +2 @@
-
-require_once('admin.php');
-
-
+'inlineuploading'
-
-header('Content-Type: text/html; charset=' . get_option('blog_charset'));
-
@@ -41 +41 @@
-
-wp_delete_attachment($attachment);
-
-basename(__FILE__)."?post=$post&all=$all&action=view&start=$start"
+ wp_nonce_url(basename(__FILE__)."?post=$post&all=$all&action=view&start=$start", 'inlineuploading')
-die;
-
-case 'save':
@@ -100 +100 @@
-        add_post_meta($id, '_wp_attachment_metadata', array());
-}
-
-basename(__FILE__)."?post=$post&all=$all&action=view&start=0"
+ wp_nonce_url(basename(__FILE__)."?post=$post&all=$all&action=view&start=0", 'inlineuploading')
-die();
-
-case 'upload':
@@ -139 +139 @@
-$attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_type = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A);
-
-if ( count($attachments) == 0 ) {
-basename(__FILE__)."?post=$post&action=upload"
+ wp_nonce_url(basename(__FILE__)."?post=$post&action=upload", 'inlineuploading') 
-        die;
-} elseif ( count($attachments) > $num ) {
-        $next = $start + count($attachments) - $num;

wp-admin/post.php

@@ -24 +24 @@
-switch($action) {
-case 'postajaxpost':
-case 'post':
-
+'post'
-        
-        $post_ID = 'post' == $action ? write_post() : edit_post();
-
@@ -96 +96 @@
-                add_post_meta($post_id, '_wp_attachment_metadata', $newmeta);
-
-case 'editpost':
-
+
+
-        
-        $post_ID = edit_post();
-
@@ -121 +122 @@
-        break;
-
-case 'delete':
-
+'deletepost'
-
-        $post_id = (isset($_GET['post']))  ? intval($_GET['post']) : intval($_POST['post_ID']);
-

wp-admin/edit-form-advanced.php

@@ -22 +22 @@
-        $form_action = 'post';
-        $temp_ID = -1 * time();
-        $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
+        wp_nonce_field('post');
-} else {
-        $form_action = 'editpost';
-        $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
+        wp_nonce_field('editpost' .  $post_ID);
-}
-
-$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
@@ -173 +175 @@
-<?php
-if (current_user_can('upload_files')) {
-        $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
-"inline-uploading.php?action=view&amp;post=$uploading_iframe_ID"
+wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading')
-        $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
-        if ( false != $uploading_iframe_src )
-                echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';

wp-admin/edit.php

@@ -211 +211 @@
-
-        case 'control_delete':
-                ?>
-post.php?action=delete&post=$id
+" . wp_nonce_url("post.php?action=delete&post=$id", 'deletepost') . "
-                <?php
-                break;
-