
Ticket #19797: 19797.diff

File 19797.diff, 2.0 KB (added by ryan, 6 years ago)
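--- a/wp-pass.php
+++ b/wp-pass.php
@@ -7,10 +7,16 @@
  */
 
 /** Make sure that the WordPress bootstrap has run before continuing. */
-require( dirname(__FILE__) . '/wp-load.php');
+require( dirname( __FILE__ ) . '/wp-load.php');
 
+if ( empty( $wp_hasher ) ) {
+        require_once( ABSPATH . 'wp-includes/class-phpass.php');
+        // By default, use the portable hash from phpass
+        $wp_hasher = new PasswordHash(8, true);
+}
+
 // 10 days
-setcookie('wp-postpass_' . COOKIEHASH, stripslashes( $_POST['post_password'] ), time() + 864000, COOKIEPATH);
+setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
 
-wp_safe_redirect(wp_get_referer());
+wp_safe_redirect( wp_get_referer() );
 exit;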
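Review bot: The new `setcookie()` line passes `$_POST['post_password']` straight into `$wp_hasher->HashPassword()` with no presence or length check, on a script that appears to be reachable without logging in. A request that omits the field raises an undefined-index notice and stores a hash of the empty string, and an arbitrarily long value is stretched at the full cost setting on every request. A guard placed before the hasher is loaded would cover both cases, for example `if ( ! isset( $_POST['post_password'] ) || strlen( $_POST['post_password'] ) > POST_PASSWORD_MAX_LEN ) { wp_safe_redirect( wp_get_referer() ); exit; }`, where `POST_PASSWORD_MAX_LEN` is a placeholder for a limit the project picks. Separately, the cookie is still set with only four arguments, so it carries no HttpOnly flag even though its value is now a ten-day bearer token for the protected post.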
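--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -558,18 +558,25 @@
  * @return bool false if a password is not required or the correct password cookie is present, true otherwise.
  */
 function post_password_required( $post = null ) {
+        global $wp_hasher;
+
         $post = get_post($post);
 
-        if ( empty($post->post_password) )
+        if ( empty( $post->post_password ) )
                 return false;
 
-        if ( !isset($_COOKIE['wp-postpass_' . COOKIEHASH]) )
+        if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
                 return true;
 
-        if ( stripslashes( $_COOKIE['wp-postpass_' . COOKIEHASH] ) != $post->post_password )
-                return true;
+        if ( empty( $wp_hasher ) ) {
+                require_once( ABSPATH . 'wp-includes/class-phpass.php');
+                // By default, use the portable hash from phpass
+                $wp_hasher = new PasswordHash(8, true);
+        }
 
-        return false;
+        $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
+
+        return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
 }
 
 /**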
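Review bot: `$hash` on new line 577 is read from the cookie, so the client supplies the stored-hash argument of `CheckPassword()` on line 579. In phpass that string carries the scheme prefix, the iteration-count character and the salt, so the cost of each verification is set by the requester rather than by `PasswordHash(8, true)`. Rejecting any value that does not start with the prefix this installation generates, before the hasher is called, keeps the work factor fixed: `if ( 0 !== strpos( $hash, '$P$B' ) ) return true;` (`$P$B` is what the portable hasher should emit at cost 8 on PHP 5+; confirm against class-phpass.php). The hasher bootstrap in lines 571-575 also duplicates the block added to wp-pass.php, and a shared helper would keep the cost setting in one place.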