From 516bdc173a81c12e5ed3025fbb9424bbf1ab40d8 Mon Sep 17 00:00:00 2001
From: azett
Date: Fri, 30 Dec 2022 12:46:35 +0100
Subject: [PATCH] check for correct admin referer on delete entry (see #64)
---
 admin/panels/entry/admin.entry.delete.php | 3 +++
 fp-includes/core/core.wp-pluggable-funcs.php | 19 +++++++++++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/admin/panels/entry/admin.entry.delete.php b/admin/panels/entry/admin.entry.delete.php
index 752170d..256cc24 100755
--- a/admin/panels/entry/admin.entry.delete.php
+++ b/admin/panels/entry/admin.entry.delete.php
@@ -45,6 +45,9 @@ class admin_entry_delete extends AdminPanelAction {
 }
 function ondelete() {
+ // at first: check if nonce was given correctly
+ check_admin_referer('admin_entry_delete');
+
 $id = $_REQUEST ['entry'];
 $ok = draft_delete($id) || entry_delete($id);
diff --git a/fp-includes/core/core.wp-pluggable-funcs.php b/fp-includes/core/core.wp-pluggable-funcs.php
index 9849c27..3f00016 100755
--- a/fp-includes/core/core.wp-pluggable-funcs.php
+++ b/fp-includes/core/core.wp-pluggable-funcs.php
@@ -327,6 +327,15 @@ endif;
 if (!function_exists('wp_verify_nonce')) :
+ /**
+ * Verifies the given nonce for the given action string.
+ *
+ * @param string $nonce
+ * the nonce to verify
+ * @param string $action
+ * the action
+ * @return boolean true if the nonce is valid; false otherwise
+ */
 function wp_verify_nonce($nonce, $action = -1) {
 $user = user_get();
 $uid = $user ['userid'];
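Review bot: The new `check_admin_referer('admin_entry_delete')` call only protects the delete if the form or link that triggers ondelete() sends a nonce generated for that exact action string; that side is not part of this commit, so if it was not updated every legitimate delete will now be rejected. It would help a later reader to name the counterpart in the added comment, e.g. `// CSRF guard: the request must carry a nonce generated for the 'admin_entry_delete' action by the delete form/link`. The following `$id = $_REQUEST ['entry'];` is still read without an existence check, which is a pre-existing notice source rather than something this change introduces. The rest of ondelete() lies outside the hunk.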
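Review bot: The added docblock declares `@param string $action` while the signature it documents, `function wp_verify_nonce($nonce, $action = -1)`, defaults that parameter to the integer -1, so either the annotation should read `@param string|int $action` or the default should become a string. The description "the action" tells a caller nothing; suggest `the action name the nonce was created for; must be the same string that was passed when the nonce was generated`. Since `$nonce` comes from the request and may not be a string at all, the `$nonce` entry should say so, e.g. `the nonce value taken from the request; only a string can ever match`. The body of wp_verify_nonce continues in the next hunk.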
@@ -334,11 +343,13 @@ if (!function_exists('wp_verify_nonce')) :
 // new nonce each 12 hours
 $i = ceil(time() / (60 * 60 * 12));
- // Allow for expanding range, but only do one check if we can
+ // The nonce we expect for the given action at the current time
 $expectedNonce = substr(wp_hash($i . $action . $uid), -12, 10);
- if ($expectedNonce == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce)
- return true;
- return false;
+ // The nonce we expect for the given action in the previous time period
+ $expectedPreviousNonce = substr(wp_hash(($i - 1) . $action . $uid), -12, 10);
+
+ // given nonce must match the current or the previous nonce
+ return $nonce == $expectedNonce || $nonce == $expectedPreviousNonce;
 }
 endif;
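Review bot: The rewritten return line still compares the request-supplied `$nonce` to the expected values with loose `==`; when both operands are numeric strings PHP compares them as numbers, and a 10-character slice of a digest can be such a string (assuming wp_hash() returns a hex digest, which is not visible here), so unequal strings may compare equal, and `==` is not timing-safe either. Use the strict, constant-time builtin instead: `return is_string($nonce) && (hash_equals($expectedNonce, $nonce) || hash_equals($expectedPreviousNonce, $nonce));` — the is_string guard also keeps hash_equals from throwing when a non-string value arrives via the request. The expected values are built from `$i . $action . $uid` with no separator, so distinct (action, uid) pairs can produce the same input; that is pre-existing context in this hunk but worth a follow-up. The function's signature and the start of its body are in the previous hunk.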