
Changeset 19728


Timestamp:
01/11/12 16:42:42 (3 years ago)
Author:
ryan
Message:

Hash post password in cookies. fixes #19797

Location:
trunk
Files:
2 edited

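--- a/trunk/wp-includes/post-template.php
+++ b/trunk/wp-includes/post-template.php
@@ -559,16 +559,23 @@
  */
 function post_password_required( $post = null ) {
+    global $wp_hasher;
+
     $post = get_post($post);
 
-    if ( empty($post->post_password) )
+    if ( empty( $post->post_password ) )
         return false;
 
-    if ( !isset($_COOKIE['wp-postpass_' . COOKIEHASH]) )
+    if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
         return true;
 
-    if ( stripslashes( $_COOKIE['wp-postpass_' . COOKIEHASH] ) != $post->post_password )
-        return true;
-
-    return false;
+    if ( empty( $wp_hasher ) ) {
+        require_once( ABSPATH . 'wp-includes/class-phpass.php');
+        // By default, use the portable hash from phpass
+        $wp_hasher = new PasswordHash(8, true);
+    }
+
+    $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
+
+    return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
 }
 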
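Review bot: The `$hash` handed to `CheckPassword()` at the end of `post_password_required()` is taken straight from the `wp-postpass_` cookie, so the client, not the server, decides which hash format and cost setting gets evaluated. phpass reads the iteration count out of the stored-hash string, so a crafted cookie can demand far more work per request than the 8 rounds configured here. Reject anything that is not in the format wp-pass.php emits before checking it, e.g. `if ( 0 !== strpos( $hash, '$P$B' ) ) return true;`. The `empty( $wp_hasher )` bootstrap is also duplicated verbatim in wp-pass.php and would be easier to keep consistent in one shared helper.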
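--- a/trunk/wp-pass.php
+++ b/trunk/wp-pass.php
@@ -8,9 +8,15 @@
 
 /** Make sure that the WordPress bootstrap has run before continuing. */
-require( dirname(__FILE__) . '/wp-load.php');
+require( dirname( __FILE__ ) . '/wp-load.php');
+
+if ( empty( $wp_hasher ) ) {
+    require_once( ABSPATH . 'wp-includes/class-phpass.php');
+    // By default, use the portable hash from phpass
+    $wp_hasher = new PasswordHash(8, true);
+}
 
 // 10 days
-setcookie('wp-postpass_' . COOKIEHASH, stripslashes( $_POST['post_password'] ), time() + 864000, COOKIEPATH);
+setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
 
-wp_safe_redirect(wp_get_referer());
+wp_safe_redirect( wp_get_referer() );
 exit;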
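Review bot: `$_POST['post_password']` is read on the new `setcookie()` line without checking that it is present and is a string, so a request that omits the field or sends it as an array still reaches `HashPassword()` and still sets a cookie. Bail out first, e.g. `if ( ! isset( $_POST['post_password'] ) || ! is_string( $_POST['post_password'] ) ) { wp_safe_redirect( wp_get_referer() ); exit; }`. The submitted value is also hashed at whatever length the client sends, so a length cap before hashing would bound the work per request. Separately, the four-argument `setcookie()` call leaves the secure and HttpOnly flags off for a cookie that now carries a password hash; consider passing them explicitly.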