WordPress.org

Make WordPress Core

Ticket #21022: 21022.2.diff

File 21022.2.diff, 2.8 KB (added by iandunn, 8 years ago)

Updates a few more calls to PasswordHash()

  • src/wp-includes/pluggable.php

     
    15031503
    15041504        if ( empty($wp_hasher) ) {
    15051505                require_once( ABSPATH . 'wp-includes/class-phpass.php');
    1506                 // By default, use the portable hash from phpass
    1507                 $wp_hasher = new PasswordHash(8, true);
     1506                // By default, do not use the portable hash from phpass
     1507                $wp_hasher = new PasswordHash( 8, false );
    15081508        }
    15091509
    15101510        return $wp_hasher->HashPassword( trim( $password ) );
     
    15491549        }
    15501550
    15511551        // If the stored hash is longer than an MD5, presume the
    1552         // new style phpass portable hash.
     1552        // new style phpass hash.
    15531553        if ( empty($wp_hasher) ) {
    15541554                require_once( ABSPATH . 'wp-includes/class-phpass.php');
    1555                 // By default, use the portable hash from phpass
    1556                 $wp_hasher = new PasswordHash(8, true);
     1555                // By default, do not use the portable hash from phpass
     1556                $wp_hasher = new PasswordHash( 8, false );
    15571557        }
    15581558
    15591559        $check = $wp_hasher->CheckPassword($password, $hash);
  • src/wp-includes/post-template.php

     
    584584                return true;
    585585
    586586        require_once ABSPATH . 'wp-includes/class-phpass.php';
    587         $hasher = new PasswordHash( 8, true );
     587        $hasher = new PasswordHash( 8, false );
    588588
    589589        $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
    590590        if ( 0 !== strpos( $hash, '$P$B' ) )
  • src/wp-includes/user.php

     
    18611861
    18621862        if ( empty( $wp_hasher ) ) {
    18631863                require_once ABSPATH . 'wp-includes/class-phpass.php';
    1864                 $wp_hasher = new PasswordHash( 8, true );
     1864                $wp_hasher = new PasswordHash( 8, false );
    18651865        }
    18661866
    18671867        if ( $wp_hasher->CheckPassword( $key, $row->user_activation_key ) )
  • src/wp-login.php

     
    349349        // Now insert the key, hashed, into the DB.
    350350        if ( empty( $wp_hasher ) ) {
    351351                require_once ABSPATH . 'wp-includes/class-phpass.php';
    352                 $wp_hasher = new PasswordHash( 8, true );
     352                $wp_hasher = new PasswordHash( 8, false );
    353353        }
    354354        $hashed = $wp_hasher->HashPassword( $key );
    355355        $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) );
     
    450450
    451451case 'postpass' :
    452452        require_once ABSPATH . 'wp-includes/class-phpass.php';
    453         $hasher = new PasswordHash( 8, true );
     453        $hasher = new PasswordHash( 8, false );
    454454
    455455        /**
    456456         * Filter the life span of the post password cookie.