Ticket #19821: 19732.diff

File 19732.diff, 2.3 KB (added by sirzooro, 6 years ago)

Proposed patch + coding standard

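--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -506,13 +506,13 @@
  * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in
  * @return bool|int False if invalid cookie, User ID if valid.
  */
-function wp_validate_auth_cookie($cookie = '', $scheme = '') {
-        if ( ! $cookie_elements = wp_parse_auth_cookie($cookie, $scheme) ) {
-                do_action('auth_cookie_malformed', $cookie, $scheme);
+function wp_validate_auth_cookie( $cookie = '', $scheme = '' ) {
+        if ( ! $cookie_elements = wp_parse_auth_cookie( $cookie, $scheme ) ) {
+                do_action( 'auth_cookie_malformed', $cookie, $scheme );
                 return false;
         }
 
-        extract($cookie_elements, EXTR_OVERWRITE);
+        extract( $cookie_elements, EXTR_OVERWRITE );
 
         $expired = $expiration;
 
@@ -522,30 +522,36 @@
 
         // Quick check to see if an honest cookie has expired
         if ( $expired < time() ) {
-                do_action('auth_cookie_expired', $cookie_elements);
+                do_action( 'auth_cookie_expired', $cookie_elements );
                 return false;
         }
 
-        $user = get_user_by('login', $username);
+        $user = get_user_by( 'login', $username );
         if ( ! $user ) {
-                do_action('auth_cookie_bad_username', $cookie_elements);
+                do_action( 'auth_cookie_bad_username', $cookie_elements );
                 return false;
         }
 
-        $pass_frag = substr($user->user_pass, 8, 4);
+        $pass_frag = substr( $user->user_pass, 8, 4 );
 
-        $key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
-        $hash = hash_hmac('md5', $username . '|' . $expiration, $key);
+        $key = wp_hash( $username . $pass_frag . '|' . $expiration, $scheme );
+        $hash = hash_hmac( 'md5', $username . '|' . $expiration, $key );
 
         if ( $hmac != $hash ) {
-                do_action('auth_cookie_bad_hash', $cookie_elements);
+                do_action( 'auth_cookie_bad_hash', $cookie_elements );
                 return false;
         }
+       
+        $user = apply_filters( 'validate_auth_cookie', $user );
+        if ( $user === false ) {
+                do_action( 'auth_cookie_invalid', $cookie_elements );
+                return false;
+        }
 
         if ( $expiration < time() ) // AJAX/POST grace period set above
                 $GLOBALS['login_grace_period'] = 1;
 
-        do_action('auth_cookie_valid', $cookie_elements, $user);
+        do_action( 'auth_cookie_valid', $cookie_elements, $user );
 
         return $user->ID;
 }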
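Review bot: The result of the new `validate_auth_cookie` filter is rejected only when it is strictly `false` (new line 546), so a callback that returns `null`, `0` or an error object falls through to `auth_cookie_valid` and `return $user->ID` on something that is not a user object. Because this sits on the authentication path the guard should fail closed, for example `if ( ! ( $user instanceof WP_User ) ) {` (assuming `get_user_by()` yields a `WP_User` here), and the filter's doc comment should state that callbacks must return the user object or `false`. The filter also receives only `$user`; passing `$cookie_elements` and `$scheme` as extra arguments would let a callback decide per cookie and per scheme. Separately, the untouched context line `if ( $hmac != $hash )` compares the MAC with a loose, non-constant-time operator, which allows numeric-string juggling between hex digests; `!==` at minimum, or a constant-time comparison such as `hash_equals()` where available, is the safer form.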