
Changeset 29409 for branches/3.8


Timestamp:
08/06/2014 05:57:52 PM (6 years ago)
Author:
nacin
Message:

Use delimiters when building nonce hashes. Part two of [29386].

Location:
branches/3.8
Files:
2 edited

  • branches/3.8

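--- a/branches/3.8/src/wp-includes/pluggable.php
+++ b/branches/3.8/src/wp-includes/pluggable.php
@@ -1343,5 +1343,5 @@
 
     // Nonce generated 0-12 hours ago
-    $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), -12, 10 );
+    $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid, 'nonce'), -12, 10 );
     if ( hash_equals( $expected, $nonce ) ) {
         return 1;
@@ -1349,5 +1349,5 @@
 
     // Nonce generated 12-24 hours ago
-    $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
+    $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid, 'nonce' ), -12, 10 );
     if ( hash_equals( $expected, $nonce ) ) {
         return 2;
@@ -1376,5 +1376,5 @@
     $i = wp_nonce_tick();
 
-    return substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10);
+    return substr(wp_hash($i . '|' . $action . '|' . $uid, 'nonce'), -12, 10);
 }
 endif;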
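Review bot: The `tick|action|uid` hash input is now written out three times (new lines 1345, 1351 and 1378) with nothing tying the copies together. The removed lines show the two verification checks and the creation path had drifted apart (`$token` on one side, no delimiters on the other), which would make every nonce fail verification. A comment above each copy, such as `// Hash input must stay identical in nonce creation and verification: tick|action|uid`, or a single shared helper, would keep them in step. The delimiter also only makes the input unambiguous while the tick and `$uid` contain no `|`; `$uid` is assigned outside the visible lines, so a cast like `(int) $uid` or a note stating that assumption is worth adding. Both function bodies start outside the shown hunks.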