Make WordPress Core


Ignore:
Timestamp:
06/21/2013 03:00:26 AM (12 years ago)
Author:
nacin
Message:

Validate post password hash.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/post-template.php

    r24377 r24466  
    589589 */
    590590function post_password_required( $post = null ) {
    591     global $wp_hasher;
    592 
    593591    $post = get_post($post);
    594592
     
    599597        return true;
    600598
    601     if ( empty( $wp_hasher ) ) {
    602         require_once( ABSPATH . 'wp-includes/class-phpass.php');
    603         // By default, use the portable hash from phpass
    604         $wp_hasher = new PasswordHash(8, true);
    605     }
     599    require_once ABSPATH . 'wp-includes/class-phpass.php';
     600    $hasher = new PasswordHash( 8, true );
    606601
    607602    $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
    608 
    609     return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
     603    if ( 0 !== strpos( $hash, '$P$B' ) )
     604        return true;
     605
     606    return ! $hasher->CheckPassword( $post->post_password, $hash );
    610607}
    611608
Note: See TracChangeset for help on using the changeset viewer.