diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 91294846ff..12800d2d89 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -467,7 +467,7 @@ case 'add-user' :
$x->send();
break;
case 'autosave' : // The name of this action is hardcoded in edit_post()
- check_ajax_referer( $action );
+ check_ajax_referer( 'autosave', 'autosavenonce' );
$_POST['post_content'] = $_POST['content'];
$_POST['post_excerpt'] = $_POST['excerpt'];
$_POST['post_status'] = 'draft';
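Review bot: The new call on the `case 'autosave'` line hardcodes both the nonce action `'autosave'` and the request field `'autosavenonce'`, and the same pair is repeated in the `autosave-generate-nonces` case below; nothing in this file ties them to the `wp_nonce_field()` the edit forms must emit, and the edit-form hunks in this commit show only a blank added line, so the match cannot be confirmed from here. Since the existing comment already warns that the action name is hardcoded in edit_post(), extend it with the nonce contract, e.g. `// nonce action 'autosave' and field 'autosavenonce' must match the wp_nonce_field() in edit-form*.php`, or hoist the two strings into constants used by both cases. The enclosing switch continues outside this hunk.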
@@ -499,7 +499,7 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
die('0');
break;
case 'autosave-generate-nonces' :
- check_ajax_referer( $action );
+ check_ajax_referer( 'autosave', 'autosavenonce' );
$ID = (int) $_POST['post_ID'];
if($_POST['post_type'] == 'post') {
if(current_user_can('edit_post', $ID))
diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php
index 5b25ef8547..64da6730f4 100644
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -88,6 +88,7 @@ addLoadEvent(focusit);
post_content); ?>
+
diff --git a/wp-admin/edit-form.php b/wp-admin/edit-form.php
index df37430086..87979bc3db 100644
--- a/wp-admin/edit-form.php
+++ b/wp-admin/edit-form.php
@@ -39,6 +39,7 @@ addLoadEvent(focusit);
}
?>
+
diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php
index eb9653f628..a41dd0d262 100644
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -56,6 +56,7 @@ addLoadEvent(focusit);
post_content); ?>
+
diff --git a/wp-includes/js/autosave.js b/wp-includes/js/autosave.js
index 3e18b6c9a9..b45e9dae4a 100644
--- a/wp-includes/js/autosave.js
+++ b/wp-includes/js/autosave.js
@@ -36,7 +36,7 @@ function autosave_update_post_ID(response) {
jQuery.post(autosaveL10n.requestFile, {
action: "autosave-generate-nonces",
post_ID: res,
- cookie: document.cookie,
+ autosavenonce: jQuery('#autosavenonce').val(),
post_type: jQuery('#post_type').val()
}, function(html) {
jQuery('#_wpnonce').val(html);
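Review bot: The callback still writes the raw response into `#_wpnonce` on the last line of the hunk, and with the server side of this commit a missing or stale `autosavenonce` now makes `check_ajax_referer()` answer `-1` (see the pluggable.php hunk); that marker would be stored as the nonce and sent with every later autosave. Guard the assignment, e.g. `if ( html && html != '-1' ) jQuery('#_wpnonce').val(html);`, and leave the field untouched otherwise. The body of autosave_update_post_ID continues outside this hunk, so I cannot see whether anything else validates the response.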
@@ -87,7 +87,7 @@ function autosave() {
action: "autosave",
post_ID: jQuery("#post_ID").val() || 0,
post_title: jQuery("#title").val() || "",
- cookie: document.cookie,
+ autosavenonce: jQuery('#autosavenonce').val(),
tags_input: jQuery("#tags-input").val() || "",
post_type: jQuery('#post_type').val() || ""
};
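Review bot: The new `autosavenonce` entry is the only field in this object literal without a default: its neighbours use `|| 0` / `|| ""`, while `jQuery('#autosavenonce').val()` is sent as-is, so on a screen that loads autosave.js without the nonce field the value is `undefined` and how jQuery.post serialises that depends on the bundled jQuery version — worth confirming rather than relying on it. For consistency with the surrounding lines use `autosavenonce: jQuery('#autosavenonce').val() || "",`; the same applies to the `autosave-generate-nonces` request earlier in this file.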
@@ -99,7 +99,7 @@ function autosave() {
tinyMCE.triggerSave();
}
- post_data["content"] = jQuery("#content").val();
+ post_data["content"] = jQuery("#content").val();
if(post_data["post_title"].length==0 || post_data["content"].length==0 || post_data["post_title"] + post_data["content"] == autosaveLast) {
return;
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index f906eb3493..6c33824802 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -635,11 +635,12 @@ if ( !function_exists('check_admin_referer') ) :
* @uses do_action() Calls 'check_admin_referer' on $action.
*
* @param string $action Action nonce
+ * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
*/
-function check_admin_referer($action = -1) {
+function check_admin_referer($action = -1, $query_arg = '_wpnonce' ) {
$adminurl = strtolower(get_option('siteurl')).'/wp-admin';
$referer = strtolower(wp_get_referer());
- if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
+ if ( !wp_verify_nonce($_REQUEST[$query_arg], $action) &&
!(-1 == $action && strpos($referer, $adminurl) !== false)) {
wp_nonce_ays($action);
die();
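Review bot: The new `$_REQUEST[$query_arg]` read in check_admin_referer is not guarded with `isset()`, so a request that simply omits the nonce raises an undefined-index notice before `wp_verify_nonce()` rejects it; the old `_wpnonce` read had the same gap, but the parameterised key makes misspelt or missing field names more likely. Resolve the value first, `$nonce = isset( $_REQUEST[$query_arg] ) ? $_REQUEST[$query_arg] : '';`, and verify `$nonce`. The same unguarded read appears twice in the check_ajax_referer hunk below (`$_REQUEST[$query_arg]` and the `_ajax_nonce`/`_wpnonce` fallback). check_admin_referer continues past the end of this hunk.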
@@ -654,34 +655,17 @@ if ( !function_exists('check_ajax_referer') ) :
* @since 2.0.4
*
* @param string $action Action nonce
+ * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
*/
-function check_ajax_referer( $action = -1 ) {
- $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
- if ( !wp_verify_nonce( $nonce, $action ) ) {
- $current_id = '';
- if ( ( $current = wp_get_current_user() ) && $current->ID )
- $current_id = $current->ID;
- if ( !$current_id )
- die('-1');
+function check_ajax_referer( $action = -1, $query_arg = false ) {
+ if ( $query_arg )
+ $nonce = $_REQUEST[$query_arg];
+ else
+ $nonce = $_REQUEST['_ajax_nonce'] ? $_REQUEST['_ajax_nonce'] : $_REQUEST['_wpnonce'];
- $auth_cookie = '';
- $cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
- foreach ( $cookie as $tasty ) {
- if ( false !== strpos($tasty, AUTH_COOKIE . '=') ) {
- $auth_cookie = substr(strstr($tasty, '='), 1);
- break;
- }
- }
+ if ( !wp_verify_nonce( $nonce, $action ) )
+ die('-1');
- if ( empty($auth_cookie) )
- die('-1');
-
- if ( ! $user_id = wp_validate_auth_cookie( $auth_cookie ) )
- die('-1');
-
- if ( $current_id != $user_id )
- die('-1');
- }
do_action('check_ajax_referer');
}
endif;
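Review bot: The docblock added for check_ajax_referer declares `@param string $query_arg`, but the signature defaults it to `false` and the body branches on its truthiness, so the documented type does not match the contract; `@param string|bool $query_arg Request key holding the nonce; false falls back to _ajax_nonce then _wpnonce (since 2.5)` would. The removed comment "AJAX scripts must pass cookie=document.cookie" was the only place the old contract was stated, and nothing now says that the `cookie` request field is ignored and the nonce is the sole check — add a sentence to the docblock so callers that still post `cookie:` know why they fail. Note also that the default differs from check_admin_referer's `'_wpnonce'`; if that asymmetry is intentional, the docblock should say so.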
diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php
index a0081a7dec..e8520bb4e2 100644
--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@@ -37,7 +37,7 @@ class WP_Scripts {
$this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.6');
- $this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080104');
+ $this->add( 'autosave', '/wp-includes/js/autosave.js', array('jquery', 'schedule'), '20080206');
$this->localize( 'autosave', 'autosaveL10n', array(
'autosaveInterval' => apply_filters('autosave_interval', '120'),
'errorText' => __('Error: %response%'),