WordPress.org

Make WordPress Core

Ticket #9577: 9577.diff

File 9577.diff, 2.1 KB (added by Denis-de-Bernardy, 9 years ago)

refreshed against 11256

  • wp-includes/registration.php

     
    4848 */
    4949function validate_username( $username ) {
    5050        $sanitized = sanitize_user( $username, true );
    51         $valid = ( $sanitized == $username );
     51        $valid = ( $sanitized == $username && !preg_match("/^\d+$/", $username) );
    5252        return apply_filters( 'validate_username', $valid, $username );
    5353}
    5454
  • wp-includes/pluggable.php

     
    523523                return false;
    524524        }
    525525
    526         $user = get_userdatabylogin($username);
     526        $user = get_userdata($user_id);
    527527        if ( ! $user ) {
    528                 do_action('auth_cookie_bad_username', $cookie_elements);
     528                do_action('auth_cookie_bad_id', $cookie_elements);
    529529                return false;
    530530        }
    531531
    532532        $pass_frag = substr($user->user_pass, 8, 4);
    533533
    534         $key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
    535         $hash = hash_hmac('md5', $username . '|' . $expiration, $key);
     534        $key = wp_hash($user->user_login . $pass_frag . '|' . $expiration, $scheme);
     535        $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
    536536
    537537        if ( $hmac != $hash ) {
    538538                do_action('auth_cookie_bad_hash', $cookie_elements);
     
    566566        $key = wp_hash($user->user_login . $pass_frag . '|' . $expiration, $scheme);
    567567        $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
    568568
    569         $cookie = $user->user_login . '|' . $expiration . '|' . $hash;
     569        $cookie = $user->ID . '|' . $expiration . '|' . $hash;
    570570
    571571        return apply_filters('auth_cookie', $cookie, $user_id, $expiration, $scheme);
    572572}
     
    613613        if ( count($cookie_elements) != 3 )
    614614                return false;
    615615
    616         list($username, $expiration, $hmac) = $cookie_elements;
     616        list($user_id, $expiration, $hmac) = $cookie_elements;
    617617
    618         return compact('username', 'expiration', 'hmac', 'scheme');
     618        return compact('user_id', 'expiration', 'hmac', 'scheme');
    619619}
    620620endif;
    621621