Ticket #21022: 21022.2.diff
File 21022.2.diff, 2.8 KB (added by , 11 years ago) |
---|
-
src/wp-includes/pluggable.php
1503 1503 1504 1504 if ( empty($wp_hasher) ) { 1505 1505 require_once( ABSPATH . 'wp-includes/class-phpass.php'); 1506 // By default, use the portable hash from phpass1507 $wp_hasher = new PasswordHash( 8, true);1506 // By default, do not use the portable hash from phpass 1507 $wp_hasher = new PasswordHash( 8, false ); 1508 1508 } 1509 1509 1510 1510 return $wp_hasher->HashPassword( trim( $password ) ); … … 1549 1549 } 1550 1550 1551 1551 // If the stored hash is longer than an MD5, presume the 1552 // new style phpass portablehash.1552 // new style phpass hash. 1553 1553 if ( empty($wp_hasher) ) { 1554 1554 require_once( ABSPATH . 'wp-includes/class-phpass.php'); 1555 // By default, use the portable hash from phpass1556 $wp_hasher = new PasswordHash( 8, true);1555 // By default, do not use the portable hash from phpass 1556 $wp_hasher = new PasswordHash( 8, false ); 1557 1557 } 1558 1558 1559 1559 $check = $wp_hasher->CheckPassword($password, $hash); -
src/wp-includes/post-template.php
584 584 return true; 585 585 586 586 require_once ABSPATH . 'wp-includes/class-phpass.php'; 587 $hasher = new PasswordHash( 8, true );587 $hasher = new PasswordHash( 8, false ); 588 588 589 589 $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ); 590 590 if ( 0 !== strpos( $hash, '$P$B' ) ) -
src/wp-includes/user.php
1861 1861 1862 1862 if ( empty( $wp_hasher ) ) { 1863 1863 require_once ABSPATH . 'wp-includes/class-phpass.php'; 1864 $wp_hasher = new PasswordHash( 8, true );1864 $wp_hasher = new PasswordHash( 8, false ); 1865 1865 } 1866 1866 1867 1867 if ( $wp_hasher->CheckPassword( $key, $row->user_activation_key ) ) -
src/wp-login.php
349 349 // Now insert the key, hashed, into the DB. 350 350 if ( empty( $wp_hasher ) ) { 351 351 require_once ABSPATH . 'wp-includes/class-phpass.php'; 352 $wp_hasher = new PasswordHash( 8, true );352 $wp_hasher = new PasswordHash( 8, false ); 353 353 } 354 354 $hashed = $wp_hasher->HashPassword( $key ); 355 355 $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user_login ) ); … … 450 450 451 451 case 'postpass' : 452 452 require_once ABSPATH . 'wp-includes/class-phpass.php'; 453 $hasher = new PasswordHash( 8, true );453 $hasher = new PasswordHash( 8, false ); 454 454 455 455 /** 456 456 * Filter the life span of the post password cookie.