Make WordPress Core


Ignore:
Timestamp:
01/11/2012 04:42:42 PM (13 years ago)
Author:
ryan
Message:

Hash post password in cookies. fixes #19797

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/post-template.php

    r19684 r19728  
    559559 */
    560560function post_password_required( $post = null ) {
     561    global $wp_hasher;
     562
    561563    $post = get_post($post);
    562564
    563     if ( empty($post->post_password) )
     565    if ( empty( $post->post_password ) )
    564566        return false;
    565567
    566     if ( !isset($_COOKIE['wp-postpass_' . COOKIEHASH]) )
     568    if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
    567569        return true;
    568570
    569     if ( stripslashes( $_COOKIE['wp-postpass_' . COOKIEHASH] ) != $post->post_password )
    570         return true;
    571 
    572     return false;
     571    if ( empty( $wp_hasher ) ) {
     572        require_once( ABSPATH . 'wp-includes/class-phpass.php');
     573        // By default, use the portable hash from phpass
     574        $wp_hasher = new PasswordHash(8, true);
     575    }
     576
     577    $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
     578
     579    return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
    573580}
    574581
Note: See TracChangeset for help on using the changeset viewer.