Ticket #29518: 29518.3.diff
| File 29518.3.diff, 1.8 KB (added by , 9 years ago) |
|---|
-
src/wp-includes/pluggable.php
669 669 $pass_frag = substr($user->user_pass, 8, 4); 670 670 671 671 $key = wp_hash( $username . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme ); 672 $hash = hash_hmac( 'sha256', $username . '|' . $expiration . '|' . $token, $key ); 672 // If ext/hash is not present, compat.php's hash_hmac() does not support sha256. 673 $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1'; 674 $hash = hash_hmac( $algo, $username . '|' . $expiration . '|' . $token, $key ); 673 675 674 676 if ( ! hash_equals( $hash, $hmac ) ) { 675 677 /** … … 734 736 $pass_frag = substr($user->user_pass, 8, 4); 735 737 736 738 $key = wp_hash( $user->user_login . '|' . $pass_frag . '|' . $expiration . '|' . $token, $scheme ); 737 $hash = hash_hmac( 'sha256', $user->user_login . '|' . $expiration . '|' . $token, $key ); 739 // If ext/hash is not present, compat.php's hash_hmac() does not support sha256. 740 $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1'; 741 $hash = hash_hmac( $algo, $user->user_login . '|' . $expiration . '|' . $token, $key ); 738 742 739 743 $cookie = $user->user_login . '|' . $expiration . '|' . $token . '|' . $hash; 740 744 -
src/wp-includes/session.php
61 61 * @return string A hash of the session token (a verifier). 62 62 */ 63 63 final private function hash_token( $token ) { 64 return hash( 'sha256', $token ); 64 // If ext/hash is not present, use sha1() instead. 65 if ( function_exists( 'hash' ) ) { 66 return hash( 'sha256', $token ); 67 } else { 68 return sha1( $token ); 69 } 65 70 } 66 71 67 72 /**