[wp-trac] [WordPress Trac] #5782: check_*_referer should be able to
look for nonce in any query parameter
WordPress Trac
wp-trac at lists.automattic.com
Wed Feb 6 20:55:51 GMT 2008
#5782: check_*_referer should be able to look for nonce in any query parameter
-------------------------+--------------------------------------------------
Reporter: mdawaffe | Owner: anonymous
Type: enhancement | Status: new
Priority: normal | Milestone: 2.5
Component: General | Version:
Severity: normal | Keywords: has-patch needs-testing
-------------------------+--------------------------------------------------
Adding an optional parameter to {{{check_admin_referer()}}} and
{{{check_ajax_referer()}}} allows more than one nonce to be generated on one
page, increasing the flexibility of nonce checking.
It also allows us to get rid of the problematic cookie code in
{{{check_ajax_referer()}}} and to rely solely on nonces.
Attached:
1. Adds parameter.
2. Converts autosave to use nonces for verification (the last holdout?).
3. Removes cookie code from {{{check_ajax_referer()}}}. Good for core
(we can make sure all of our other ajax actions use nonces). May break
some plugins.
--
Ticket URL: <http://trac.wordpress.org/ticket/5782>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
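
The idea in the ticket above, as an added stand-alone sketch that is not the attached patch or WordPress core code: a referer check that takes the name of the request parameter carrying the nonce, so one page can submit several action-bound nonces. Every `demo_*` function, the HMAC token scheme, the secret, the `_wpnonce` default and the request values are assumptions constructed for illustration.

```php
<?php
// Added illustration; not WordPress core code. All demo_* names are hypothetical.
const DEMO_SECRET = 'constructed-demo-secret'; // constructed value

// Token bound to one user and one action, valid for the current 12-hour tick.
function demo_create_nonce(string $action, int $user_id): string {
    $tick = (int) ceil(time() / 43200);
    return substr(hash_hmac('sha256', "$tick|$action|$user_id", DEMO_SECRET), 0, 10);
}

function demo_verify_nonce(string $nonce, string $action, int $user_id): bool {
    $tick = (int) ceil(time() / 43200);
    // Accept the current and the previous tick so a token does not expire mid-edit.
    foreach ([$tick, $tick - 1] as $t) {
        $expected = substr(hash_hmac('sha256', "$t|$action|$user_id", DEMO_SECRET), 0, 10);
        if (hash_equals($expected, $nonce)) {
            return true;
        }
    }
    return false;
}

// The check takes the name of the request parameter that carries the nonce,
// so several actions on one page can each send their own token.
function demo_check_referer(array $request, string $action, int $user_id, string $query_arg = '_wpnonce'): bool {
    if (!isset($request[$query_arg]) || !is_string($request[$query_arg])) {
        return false; // missing or array-valued parameter: reject
    }
    return demo_verify_nonce($request[$query_arg], $action, $user_id);
}

// Constructed request: one page submits two nonces under different parameter names.
$user = 7;
$request = [
    'autosavenonce' => demo_create_nonce('autosave', $user),
    'deletenonce'   => demo_create_nonce('delete-post_42', $user),
];

var_dump(demo_check_referer($request, 'autosave', $user, 'autosavenonce'));       // nonce matches its action
var_dump(demo_check_referer($request, 'delete-post_42', $user, 'deletenonce'));   // second nonce, same page
var_dump(demo_check_referer($request, 'delete-post_42', $user, 'autosavenonce')); // token issued for another action
var_dump(demo_check_referer($request, 'autosave', $user));                        // default parameter is absent
```

Because each token is bound to its action string, a nonce read from one parameter cannot authorize a different action even when both travel in the same request.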