[wp-trac] [WordPress Trac] #15243: Incorrect user is set when using Ajax Nonces over HTTPS Connection
WordPress Trac
wp-trac at lists.automattic.com
Thu Oct 28 18:26:56 UTC 2010
#15243: Incorrect user is set when using Ajax Nonces over HTTPS Connection
----------------------------+-----------------------------------------------
Reporter: jeremysawesome | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.0.1
Severity: normal | Keywords: ajax, user, nonce, verify, https, fail, secure
----------------------------+-----------------------------------------------
When using ajax nonces over an HTTPS connection the wp_verify_nonce
function calculates an incorrect nonce and fails. This only occurs when a
user is logged into WordPress. Somehow WordPress is unable to identify the
right user when an ajax request comes in over https. The wp_hash function
then calculates the nonce incorrectly and therefore the nonce check fails.
I've tested this by doing the following:
Added this code to both wp_create_nonce and wp_verify_nonce functions:
{{{
// Debug output inserted inside wp_create_nonce() and wp_verify_nonce();
// $uid, $i and $action are the locals those functions already have in scope.
// print_r() prints the array itself, so it is not wrapped in echo (that would
// append a stray "1", print_r's return value, to the output).
echo '<pre>';
print_r(array(
    'user_id' => $uid,
    'i'       => $i,
    'action'  => $action,
    'wp_hash' => substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10)
));
echo '</pre>';
}}}
I then ran several tests from the frontend of a site using ajax on both an
HTTP and HTTPS connection. I tested the HTTPS connection while not logged
in and while logged in, then again for the HTTP connection. Pay special
attention to the wp_hash that gets calculated for each connection. You
will notice that the hash is correct for every test except when logged in
to WordPress and connecting over https.
Here are the results:
{{{
Attempt 1 OVER HTTPS:
---------- When not logged in wp_create_nonce ----------
Array
(
[user_id] => 0
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => d0a78cb732
)
---------- When not logged in wp_verify_nonce ----------
Array
(
[user_id] => 0
[i] => 29810
[action] => dna_wpec_reps_nonce
[nonce] => d0a78cb732
[wp_hash] => d0a78cb732
)
---------- When logged in wp_create_nonce ----------
Array
(
[user_id] => 1
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => 75855d4e1d
)
---------- When logged in wp_verify_nonce ----------
Array
(
[user_id] => 0
[i] => 29810
[action] => dna_wpec_reps_nonce
[nonce] => 75855d4e1d
[wp_hash] => d0a78cb732
)
OVER HTTP://
---------- When not logged in wp_create_nonce ----------
Array
(
[user_id] => 0
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => d0a78cb732
)
---------- When not logged in wp_verify_nonce ----------
Array
(
[user_id] => 0
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => d0a78cb732
)
---------- When logged in wp_create_nonce ----------
Array
(
[user_id] => 1
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => 75855d4e1d
)
---------- When logged in wp_verify_nonce ----------
Array
(
[user_id] => 1
[i] => 29810
[action] => dna_wpec_reps_nonce
[wp_hash] => 75855d4e1d
)
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15243>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
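The results above follow directly from how the nonce is derived: the tick counter, the action and the user id are hashed together, so a verifier that resolves a different user id than the creator did computes a different hash and rejects a nonce that is otherwise valid. The following Python model is an added example, not code from the ticket or from WordPress; it mirrors the derivation the reporter prints (substr of wp_hash over i . action . uid) and WordPress's two-tick grace window, with a constructed salt standing in for the site's real nonce salt, and reproduces the four cases in the ticket with a fixed tick of 29810.

```python
import hashlib
import hmac
import math
import time

# Constructed secret standing in for the site's nonce salt (wp_salt('nonce'));
# a real installation uses its own unique salt values.
NONCE_SALT = b"constructed-example-salt-not-a-real-secret"
NONCE_LIFE = 86400  # seconds; WordPress's default nonce lifetime


def wp_hash(data: str) -> str:
    """Model of wp_hash(): HMAC-MD5 of the data keyed with the nonce salt."""
    return hmac.new(NONCE_SALT, data.encode(), hashlib.md5).hexdigest()


def nonce_tick(now=None) -> int:
    """Model of wp_nonce_tick(): the counter advances once per half-lifetime."""
    now = time.time() if now is None else now
    return math.ceil(now / (NONCE_LIFE / 2))


def create_nonce(action: str, uid: int, tick: int) -> str:
    # Same derivation the ticket's debug output shows: hash tick . action . uid
    # and keep the 10 characters starting 12 from the end (substr(..., -12, 10)).
    return wp_hash(f"{tick}{action}{uid}")[-12:-2]


def verify_nonce(nonce: str, action: str, uid: int, tick: int):
    """Returns 1 for a current-tick match, 2 for a previous-tick match, else False."""
    if hmac.compare_digest(create_nonce(action, uid, tick), nonce):
        return 1
    if hmac.compare_digest(create_nonce(action, uid, tick - 1), nonce):
        return 2
    return False


def reproduce_ticket(action: str = "dna_wpec_reps_nonce", tick: int = 29810) -> dict:
    """Constructed reproduction of the ticket's cases; maps each case to its verify result."""
    anon_nonce = create_nonce(action, 0, tick)      # created by a logged-out request
    user1_nonce = create_nonce(action, 1, tick)     # created by user id 1
    return {
        # The verifying request resolves the same user that created the nonce: accepted.
        "anonymous_verified_as_anonymous": verify_nonce(anon_nonce, action, 0, tick),
        "user1_verified_as_user1": verify_nonce(user1_nonce, action, 1, tick),
        # The ticket's HTTPS failure: nonce created for user 1, but the verifying
        # request resolves the user as 0, so the recomputed hash cannot match.
        "user1_verified_as_anonymous": verify_nonce(user1_nonce, action, 0, tick),
        # A nonce from the previous tick is still accepted (grace window), with result 2.
        "user1_previous_tick": verify_nonce(create_nonce(action, 1, tick - 1), action, 1, tick),
        # Two ticks back is outside the window and is rejected.
        "user1_two_ticks_back": verify_nonce(create_nonce(action, 1, tick - 2), action, 1, tick),
    }


if __name__ == "__main__":
    for case, result in reproduce_ticket().items():
        print(f"{case}: {result}")
```

The "user1_verified_as_anonymous" case is the one that fails in the ticket's HTTPS run: the nonce itself is intact, but because the user id is an input to the hash, any request whose authentication state differs from the creating request (here, resolving to user 0) produces a mismatch. When debugging a report like this, comparing the user id on both sides, as the reporter did, is the quickest way to separate a nonce-derivation bug from an authentication-resolution problem.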