[wp-trac] Re: [WordPress Trac] #2977: Username/Nickname with spaces cannot delete it's own posts or comments

WordPress Trac wp-trac at lists.automattic.com
Wed Jul 26 13:52:50 GMT 2006


#2977: Username/Nickname with spaces cannot delete it's own posts or comments
----------------------------+-----------------------------------------------
 Reporter:  hgfischer       |        Owner:  anonymous
     Type:  defect          |       Status:  new      
 Priority:  high            |    Milestone:  2.0.4    
Component:  Administration  |      Version:  2.0.3    
 Severity:  major           |   Resolution:           
 Keywords:                  |  
----------------------------+-----------------------------------------------
Comment (by hgfischer):

 I found the source of the problem. It's in the WordPress AJAX code. Spaces
 are encoded as "+" by the browser so WP cannot found "foo+bar" and
 authenticate them. I don't know if it is some other place to fix this but
 I solved my problem adding "urldecode" calls to the "wp-includes
 /pluggable-functions.php" check_ajax_referer function:

 if ( !function_exists('check_ajax_referer') ) :
 function check_ajax_referer() {
     $cookie = explode('; ', urldecode(empty($_POST['cookie']) ?
 $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass
 cookie=document.cookie
     foreach ( $cookie as $tasty ) {
         if ( false !== strpos($tasty, USER_COOKIE) )
             $user = urldecode(substr(strstr($tasty, '='), 1));
         if ( false !== strpos($tasty, PASS_COOKIE) )
             $pass = urldecode(substr(strstr($tasty, '='), 1));
     }

     if ( wp_login( $user, $pass, true ) )
         return true;
     return false;
 }
 endif;

-- 
Ticket URL: <http://trac.wordpress.org/ticket/2977>
WordPress Trac <http://wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list