Ticket #29518: 29518.2.diff
| File 29518.2.diff, 1.6 KB (added by , 9 years ago) |
|---|
-
src/wp-includes/pluggable.php
669 669 $pass_frag = substr($user->user_pass, 8, 4); 670 670 671 671 $key = wp_hash( $username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme ); 672 // Fall back to sha1 if ext/hash is unavailable. 673 $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1'; 672 674 $hash = hash_hmac( 'sha256', $username . '|' . $expiration . '|' . $token, $key ); 673 675 674 676 if ( ! hash_equals( $hash, $hmac ) ) { … … 734 736 $pass_frag = substr($user->user_pass, 8, 4); 735 737 736 738 $key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme ); 739 // Fall back to sha1 if ext/hash is unavailable. 740 $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1'; 737 741 $hash = hash_hmac( 'sha256', $user->user_login . '|' . $expiration . '|' . $token, $key ); 738 742 739 743 $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash; -
src/wp-includes/session.php
61 61 * @return string A hash of the session token (a verifier). 62 62 */ 63 63 final private function hash_token( $token ) { 64 return hash( 'sha256', $token ); 64 // Fall back to sha1 if ext/hash is unavailable. 65 if ( function_exists( 'hash' ) ) { 66 return hash( 'sha256', $token ); 67 } else { 68 return sha1( $token ); 69 } 65 70 } 66 71 67 72 /**