WordPress.org

Make WordPress Core

Ticket #21022: use_bcrypt.diff

File use_bcrypt.diff, 1.8 KB (added by harrym, 9 years ago)

Patch to use bcrypt by default

  • wp-includes/pluggable.php

    diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
    index 6ee424a..07a06be 100644
    a b function wp_hash_password($password) { 
    14131413        if ( empty($wp_hasher) ) {
    14141414                require_once( ABSPATH . 'wp-includes/class-phpass.php');
    14151415                // By default, use the portable hash from phpass
    1416                 $wp_hasher = new PasswordHash(8, true);
     1416                $wp_hasher = new PasswordHash(8, false);
    14171417        }
    14181418
    14191419        return $wp_hasher->HashPassword($password);
    function wp_check_password($password, $hash, $user_id = '') { 
    14611461        if ( empty($wp_hasher) ) {
    14621462                require_once( ABSPATH . 'wp-includes/class-phpass.php');
    14631463                // By default, use the portable hash from phpass
    1464                 $wp_hasher = new PasswordHash(8, true);
     1464                $wp_hasher = new PasswordHash(8, false);
    14651465        }
    14661466
    14671467        $check = $wp_hasher->CheckPassword($password, $hash);
  • wp-includes/post-template.php

    diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php
    index a8e4f89..020e87a 100644
    a b function post_password_required( $post = null ) { 
    570570        if ( empty( $wp_hasher ) ) {
    571571                require_once( ABSPATH . 'wp-includes/class-phpass.php');
    572572                // By default, use the portable hash from phpass
    573                 $wp_hasher = new PasswordHash(8, true);
     573                $wp_hasher = new PasswordHash(8, false);
    574574        }
    575575
    576576        $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
  • wp-login.php

    diff --git a/wp-login.php b/wp-login.php
    index 5d4f3f7..1e74d07 100644
    a b case 'postpass' : 
    392392        if ( empty( $wp_hasher ) ) {
    393393                require_once( ABSPATH . 'wp-includes/class-phpass.php' );
    394394                // By default, use the portable hash from phpass
    395                 $wp_hasher = new PasswordHash(8, true);
     395                $wp_hasher = new PasswordHash(8, false);
    396396        }
    397397
    398398        // 10 days