Make WordPress Core

Ticket #44628: 44628.diff

File 44628.diff, 1.0 KB (added by jbcomte35, 6 years ago)

Diff file

  • src/wp-admin/includes/upgrade.php

    diff --git a/src/wp-admin/includes/upgrade.php b/src/wp-admin/includes/upgrade.php
    index 4de9b109f4..32422b0e25 100644
    a b function upgrade_110() { 
    931931
    932932        $users = $wpdb->get_results( "SELECT ID, user_pass from $wpdb->users" );
    933933        foreach ( $users as $row ) {
    934                 if ( ! preg_match( '/^[A-Fa-f0-9]{32}$/', $row->user_pass ) ) {
    935                         $wpdb->update( $wpdb->users, array( 'user_pass' => md5( $row->user_pass ) ), array( 'ID' => $row->ID ) );
    936                 }
     934            // Check if password is less than or equal to 32 characters
     935        if ( strlen( $row->user_pass ) <= 32 ) {
     936            if( strlen( $row->user_pass ) < 32 || !ctype_xdigit( $row->user_pass ) ){
     937                // Password is less than 32 characters or contain not valid hexadecimal characters => MD5 it !
     938                $wpdb->update( $wpdb->users, array( 'user_pass' => md5( $row->user_pass ) ), array( 'ID' => $row->ID ) );
     939            }
     940        }
    937941        }
    938942
    939943        // Get the GMT offset, we'll use that later on