WordPress.org

Make WordPress Core

Ticket #19797: 19797.diff

File 19797.diff, 2.0 KB (added by ryan, 3 years ago)
  • wp-pass.php

     
    77 */ 
    88 
    99/** Make sure that the WordPress bootstrap has run before continuing. */ 
    10 require( dirname(__FILE__) . '/wp-load.php'); 
     10require( dirname( __FILE__ ) . '/wp-load.php'); 
    1111 
     12if ( empty( $wp_hasher ) ) { 
     13        require_once( ABSPATH . 'wp-includes/class-phpass.php'); 
     14        // By default, use the portable hash from phpass 
     15        $wp_hasher = new PasswordHash(8, true); 
     16} 
     17 
    1218// 10 days 
    13 setcookie('wp-postpass_' . COOKIEHASH, stripslashes( $_POST['post_password'] ), time() + 864000, COOKIEPATH); 
     19setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH ); 
    1420 
    15 wp_safe_redirect(wp_get_referer()); 
     21wp_safe_redirect( wp_get_referer() ); 
    1622exit; 
  • wp-includes/post-template.php

     
    558558 * @return bool false if a password is not required or the correct password cookie is present, true otherwise. 
    559559 */ 
    560560function post_password_required( $post = null ) { 
     561        global $wp_hasher; 
     562 
    561563        $post = get_post($post); 
    562564 
    563         if ( empty($post->post_password) ) 
     565        if ( empty( $post->post_password ) ) 
    564566                return false; 
    565567 
    566         if ( !isset($_COOKIE['wp-postpass_' . COOKIEHASH]) ) 
     568        if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) ) 
    567569                return true; 
    568570 
    569         if ( stripslashes( $_COOKIE['wp-postpass_' . COOKIEHASH] ) != $post->post_password ) 
    570                 return true; 
     571        if ( empty( $wp_hasher ) ) { 
     572                require_once( ABSPATH . 'wp-includes/class-phpass.php'); 
     573                // By default, use the portable hash from phpass 
     574                $wp_hasher = new PasswordHash(8, true); 
     575        } 
    571576 
    572         return false; 
     577        $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ); 
     578 
     579        return ! $wp_hasher->CheckPassword( $post->post_password, $hash ); 
    573580} 
    574581 
    575582/**