
Validate nonce and digest of form used to add users

commit 04cd07adfc9984433fe8b491aad956544b68899b 1 parent 7f85246
Colin Seymour authored October 20, 2011

Showing 1 changed file with 6 additions and 0 deletions. Show diff stats Hide diff stats

  1. 6  handlers/adminusershandler.php
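--- a/handlers/adminusershandler.php
+++ b/handlers/adminusershandler.php
@@ -393,6 +393,12 @@ public function get_users()
 	 */
 	public function post_users()
 	{
+		$wsse = Utils::WSSE( $this->handler_vars['nonce'], $this->handler_vars['timestamp'] );
+		if ( $this->handler_vars['password_digest'] != $wsse['digest'] ) {
+			Session::error( _t( 'WSSE authentication failed.' ) );
+			return Session::messages_get( true, 'array' );
+		}
+
 		$this->fetch_users();
 
 		$extract = $this->handler_vars->filter_keys( 'newuser', 'delete', 'new_pass1', 'new_pass2', 'new_email', 'new_username' );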
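Review bot: The digest check on the added line `if ( $this->handler_vars['password_digest'] != $wsse['digest'] ) {` uses a loose `!=`, so PHP compares numeric-looking strings as numbers and the comparison is not constant-time. Prefer a strict, timing-safe form such as `if ( ! hash_equals( (string) $wsse['digest'], (string) $this->handler_vars['password_digest'] ) ) {`, or at least `!==` where `hash_equals()` is not available. The visible lines also do not check that `nonce`, `timestamp` and `password_digest` are present, nor that the timestamp is recent, so unless `Utils::WSSE()` or a caller enforces this elsewhere, a missing field or a resubmitted form may not be rejected as the commit title intends. A one-line comment above the check would help, e.g. `// Reject the request unless the submitted WSSE digest matches the one recomputed from the form's nonce and timestamp.`; the body of post_users() continues past the end of the hunk.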
