WordPress.org

Make WordPress Core

Ticket #9577: 9577.diff

File 9577.diff, 2.1 KB (added by Denis-de-Bernardy, 5 years ago)

refreshed against 11256

  • wp-includes/registration.php

     
    4848 */ 
    4949function validate_username( $username ) { 
    5050        $sanitized = sanitize_user( $username, true ); 
    51         $valid = ( $sanitized == $username ); 
     51        $valid = ( $sanitized == $username && !preg_match("/^\d+$/", $username) ); 
    5252        return apply_filters( 'validate_username', $valid, $username ); 
    5353} 
    5454 
  • wp-includes/pluggable.php

     
    523523                return false; 
    524524        } 
    525525 
    526         $user = get_userdatabylogin($username); 
     526        $user = get_userdata($user_id); 
    527527        if ( ! $user ) { 
    528                 do_action('auth_cookie_bad_username', $cookie_elements); 
     528                do_action('auth_cookie_bad_id', $cookie_elements); 
    529529                return false; 
    530530        } 
    531531 
    532532        $pass_frag = substr($user->user_pass, 8, 4); 
    533533 
    534         $key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme); 
    535         $hash = hash_hmac('md5', $username . '|' . $expiration, $key); 
     534        $key = wp_hash($user->user_login . $pass_frag . '|' . $expiration, $scheme); 
     535        $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key); 
    536536 
    537537        if ( $hmac != $hash ) { 
    538538                do_action('auth_cookie_bad_hash', $cookie_elements); 
     
    566566        $key = wp_hash($user->user_login . $pass_frag . '|' . $expiration, $scheme); 
    567567        $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key); 
    568568 
    569         $cookie = $user->user_login . '|' . $expiration . '|' . $hash; 
     569        $cookie = $user->ID . '|' . $expiration . '|' . $hash; 
    570570 
    571571        return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme); 
    572572} 
     
    613613        if ( count($cookie_elements) != 3 ) 
    614614                return false; 
    615615 
    616         list($username, $expiration, $hmac) = $cookie_elements; 
     616        list($user_id, $expiration, $hmac) = $cookie_elements; 
    617617 
    618         return compact('username', 'expiration', 'hmac', 'scheme'); 
     618        return compact('user_id', 'expiration', 'hmac', 'scheme'); 
    619619} 
    620620endif; 
    621621