Changeset 29382 for trunk/src/wp-includes/pluggable.php
- Timestamp:
- 08/06/2014 05:25:03 AM (11 years ago)
- File:
-
- 1 edited
-
trunk/src/wp-includes/pluggable.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/pluggable.php
r29221 r29382 672 672 $hash = hash_hmac( 'sha256', $username . '|' . $expiration . '|' . $token, $key ); 673 673 674 if ( hash_hmac( 'sha256', $hmac, $key ) !== hash_hmac( 'sha256', $hash, $key) ) {674 if ( ! hash_equals( $hash, $hmac ) ) { 675 675 /** 676 676 * Fires if a bad authentication cookie hash is encountered. … … 1712 1712 1713 1713 // Nonce generated 0-12 hours ago 1714 if ( $nonce === substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), -12, 10 ) ) { 1714 $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), -12, 10 ); 1715 if ( hash_equals( $expected, $nonce ) ) { 1715 1716 return 1; 1716 1717 } 1717 1718 1718 1719 // Nonce generated 12-24 hours ago 1719 if ( $nonce === substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ) ) { 1720 $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); 1721 if ( hash_equals( $expected, $nonce ) ) { 1720 1722 return 2; 1721 1723 }
Note: See TracChangeset
for help on using the changeset viewer.