[wp-trac] [WordPress Trac] #5782: check_*_referer should be able to look for nonce in any query parameter

WordPress Trac wp-trac at lists.automattic.com
Wed Feb 6 20:55:51 GMT 2008


#5782: check_*_referer should be able to look for nonce in any query parameter
-------------------------+--------------------------------------------------
 Reporter:  mdawaffe     |       Owner:  anonymous              
     Type:  enhancement  |      Status:  new                    
 Priority:  normal       |   Milestone:  2.5                    
Component:  General      |     Version:                         
 Severity:  normal       |    Keywords:  has-patch needs-testing
-------------------------+--------------------------------------------------
 Adding an optional parameter to {{{check_admin_referer()}}} and
 {{{check_ajax_referer()}}} allows more than one nonce to be generated on one
 page, increasing the flexibility of nonce checking.

 It also allows us to get rid of the problematic cookie code in
 {{{check_ajax_referer()}}} and to rely solely on nonces.

 Attached:
  1. Adds parameter.
  2. Converts autosave to use nonces for verification (the last holdout?).
  3. Removes cookie code from {{{check_ajax_referer()}}}.  Good for core
 (we can make sure all of our other ajax actions use nonces).  May break
 some plugins.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5782>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
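
A simplified model of the change the ticket proposes, added here as an illustration and not taken from the attached patch or from WordPress core: the referer check takes the name of the request parameter that carries the nonce, so one page can carry a separate nonce per action. The `demo_*` functions, the secret, the 12-hour window, the user id and the sample request are assumptions made for this example.

```php
<?php
// Simplified model, NOT WordPress's implementation: the secret, the
// lifetime and every demo_* name are assumptions made for this example.
const DEMO_SECRET = 'constructed-secret-for-example-only';

// Nonce bound to one user, one action and a 12-hour time window ("tick").
function demo_create_nonce(string $action, int $uid, int $tickOffset = 0): string {
    $tick = (int) ceil(time() / 43200) - $tickOffset;
    return substr(hash_hmac('sha256', "$tick|$action|$uid", DEMO_SECRET), 0, 10);
}

// Accept the current or the previous tick; compare in constant time.
function demo_verify_nonce(string $nonce, string $action, int $uid): bool {
    foreach ([0, 1] as $offset) {
        if (hash_equals(demo_create_nonce($action, $uid, $offset), $nonce)) {
            return true;
        }
    }
    return false;
}

// The ticket's idea: the caller names the request parameter that carries
// the nonce, so one page can hold several nonces, one per action.
function demo_check_referer(array $request, string $action, int $uid,
                            string $queryArg = '_wpnonce'): bool {
    $nonce = $request[$queryArg] ?? '';
    // Reject missing or non-string values (e.g. "param[]=x") before verifying.
    return is_string($nonce) && demo_verify_nonce($nonce, $action, $uid);
}

// Constructed request from a page that embeds two nonces.
$uid = 7;
$request = [
    '_wpnonce'      => demo_create_nonce('update-post_42', $uid),
    'autosavenonce' => demo_create_nonce('autosave', $uid),
];

// Nonce for the form action, read from the default parameter.
var_dump(demo_check_referer($request, 'update-post_42', $uid));
// Nonce for the autosave action, read from its own named parameter.
var_dump(demo_check_referer($request, 'autosave', $uid, 'autosavenonce'));
// Autosave action checked against the form's nonce: bound to another action.
var_dump(demo_check_referer($request, 'autosave', $uid));
// Array-valued parameter in place of a nonce string.
var_dump(demo_check_referer(['autosavenonce' => ['x']], 'autosave', $uid, 'autosavenonce'));
```

Because each nonce is bound to its action, a value lifted from one parameter does not validate for a different action, which is what lets the check rely on nonces alone.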

