WordPress.org

Make WordPress Core

Changeset 28054


Timestamp:
04/08/2014 06:06:40 PM (6 years ago)
Author:
nacin
Message:

Harden HMAC verification. props duck_. [28053] for 3.8.

Location:
branches/3.8
Files:
2 edited

  • branches/3.8

  • branches/3.8/src/wp-includes/pluggable.php

    r26388 r28054  
    544544    $hash = hash_hmac('md5', $username . '|' . $expiration, $key);
    545545
    546     if ( $hmac != $hash ) {
     546    if ( hash_hmac( 'md5', $hmac, $key ) !== hash_hmac( 'md5', $hash, $key ) ) {
    547547        do_action('auth_cookie_bad_hash', $cookie_elements);
    548548        return false;
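
Review bot: The new comparison at line 546 carries no comment explaining why both `$hmac` and `$hash` are run through `hash_hmac( 'md5', ..., $key )` a second time before the `!==` check, so it reads as redundant work and invites a later "simplification" back to a direct comparison. A short comment would protect the intent. It should say that the re-hash stops the comparison's timing from revealing how much of `$hmac` matched, and that the strict `!==` is deliberate so two hex strings are never compared loosely. Where the PHP runtime provides `hash_equals()`, `hash_equals( $hash, $hmac )` states the same check directly.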