
Changeset 19728


Timestamp:
01/11/2012 04:42:42 PM (6 years ago)
Author:
ryan
Message:

Hash post password in cookies. fixes #19797

Location:
trunk
Files:
2 edited

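--- a/trunk/wp-includes/post-template.php
+++ b/trunk/wp-includes/post-template.php
@@ -559,16 +559,23 @@
  */
 function post_password_required( $post = null ) {
+    global $wp_hasher;
+
     $post = get_post($post);
 
-    if ( empty($post->post_password) )
+    if ( empty( $post->post_password ) )
         return false;
 
-    if ( !isset($_COOKIE['wp-postpass_' . COOKIEHASH]) )
+    if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
         return true;
 
-    if ( stripslashes( $_COOKIE['wp-postpass_' . COOKIEHASH] ) != $post->post_password )
-        return true;
-
-    return false;
+    if ( empty( $wp_hasher ) ) {
+        require_once( ABSPATH . 'wp-includes/class-phpass.php');
+        // By default, use the portable hash from phpass
+        $wp_hasher = new PasswordHash(8, true);
+    }
+
+    $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
+
+    return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
 }
 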
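Review bot: The cookie-supplied `$hash` is handed to `CheckPassword()` unvalidated at the end of `post_password_required()`, so the client, not the server, picks the hash format and cost that get verified. In phpass's portable format the iteration count is encoded in the hash string itself, so (assuming the bundled class-phpass.php, which is not shown here, behaves like upstream phpass) a visitor can influence how much work each view of a protected post costs, and a non-portable prefix would likely fall through to `crypt()`. Accepting only the prefix this code itself generates bounds that work: add `if ( 0 !== strpos( $hash, '$P$B' ) ) return true;` before the final `return`, provided `$wp_hasher` is the default `PasswordHash(8, true)`. A one-line comment there should say that the cookie value is untrusted and that `$P$B` is the prefix produced by those constructor arguments.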
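--- a/trunk/wp-pass.php
+++ b/trunk/wp-pass.php
@@ -8,9 +8,15 @@
 
 /** Make sure that the WordPress bootstrap has run before continuing. */
-require( dirname(__FILE__) . '/wp-load.php');
+require( dirname( __FILE__ ) . '/wp-load.php');
+
+if ( empty( $wp_hasher ) ) {
+    require_once( ABSPATH . 'wp-includes/class-phpass.php');
+    // By default, use the portable hash from phpass
+    $wp_hasher = new PasswordHash(8, true);
+}
 
 // 10 days
-setcookie('wp-postpass_' . COOKIEHASH, stripslashes( $_POST['post_password'] ), time() + 864000, COOKIEPATH);
+setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
 
-wp_safe_redirect(wp_get_referer());
+wp_safe_redirect( wp_get_referer() );
 exit;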
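Review bot: The rewritten `setcookie()` call still passes only name, value, expiry and path, so the post-password cookie goes out without the `secure` and `httponly` flags. The hashed value is by itself enough to unlock the post for ten days, since it is exactly what `post_password_required()` feeds to `CheckPassword()`, so it should be handled like any other bearer value: compute `$hash` on the line before and call `setcookie( 'wp-postpass_' . COOKIEHASH, $hash, time() + 864000, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );`. Separately, `$_POST['post_password']` is read without an `isset()` check, so a request lacking that field raises a notice and stores the hash of an empty string; redirecting early in that case would be cleaner.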