WordPress.org

Make WordPress Core

Changeset 28055


Timestamp: 04/08/2014 06:07:28 PM (6 years ago)
Author: nacin
Message:

Harden HMAC verification. props duck_. [28053] for 3.7.

Location: branches/3.7
Files: 2 edited

  • branches/3.7

  • branches/3.7/src/wp-includes/pluggable.php

    r25900 r28055  
    547547    $hash = hash_hmac('md5', $username . '|' . $expiration, $key);
    548548
    549     if ( $hmac != $hash ) {
     549    if ( hash_hmac( 'md5', $hmac, $key ) !== hash_hmac( 'md5', $hash, $key ) ) {
    550550        do_action('auth_cookie_bad_hash', $cookie_elements);
    551551        return false;
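
Review bot: The new comparison at line 549 passes both `$hmac` and `$hash` through `hash_hmac( 'md5', ..., $key )` again before comparing, but nothing in the code says why, so it reads as redundant work that a later cleanup could collapse back to a direct comparison. Add a short comment stating that the second HMAC keeps the comparison time independent of how many leading characters of the supplied value match the expected one, and that `!==` is deliberate so the two strings are never compared numerically the way `!=` can compare them. If other call sites check a supplied MAC the same way, a small helper would keep them consistent and give one place to switch to `hash_equals()` where PHP provides it.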