
Validate nonce and digest of form used to add users

commit 04cd07adfc9984433fe8b491aad956544b68899b 1 parent 7f85246
Colin Seymour lildude authored
Showing with 6 additions and 0 deletions.
  1. +6 −0 handlers/adminusershandler.php
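--- a/handlers/adminusershandler.php
+++ b/handlers/adminusershandler.php
@@ -393,6 +393,12 @@ public function get_users()
 */
 public function post_users()
 {
+ $wsse = Utils::WSSE( $this->handler_vars['nonce'], $this->handler_vars['timestamp'] );
+ if ( $this->handler_vars['password_digest'] != $wsse['digest'] ) {
+ Session::error( _t( 'WSSE authentication failed.' ) );
+ return Session::messages_get( true, 'array' );
+ }
+
 $this->fetch_users();
 $extract = $this->handler_vars->filter_keys( 'newuser', 'delete', 'new_pass1', 'new_pass2', 'new_email', 'new_username' );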
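Review bot: The digest check on the added `if` line uses loose `!=`, so two digest strings that both look numeric can compare equal under PHP type juggling, and the comparison is not constant-time. Prefer `if ( !hash_equals( (string) $wsse['digest'], (string) $this->handler_vars['password_digest'] ) ) {` where the supported PHP version provides `hash_equals()`, or at minimum switch to `!==`. The nonce and timestamp passed to `Utils::WSSE()` come from the submitted form, and nothing visible in this hunk bounds the timestamp's age or records the nonce as used. Unless `Utils::WSSE()` or the session layer enforces that elsewhere, a previously issued nonce/timestamp/digest triple would presumably still validate, which is worth confirming. The body of `post_users()` continues past the end of the hunk.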