Changeset 29410


Timestamp:
08/06/2014 05:58:44 PM (6 years ago)
Author:
nacin
Message:

Use delimiters when building nonce hashes. Part two of [29388].

Location:
branches/3.7
Files:
2 edited

  • branches/3.7

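--- a/branches/3.7/src/wp-includes/pluggable.php
+++ b/branches/3.7/src/wp-includes/pluggable.php
@@ -1298,5 +1298,5 @@
 
     // Nonce generated 0-12 hours ago
-    $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), -12, 10 );
+    $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid, 'nonce'), -12, 10 );
     if ( hash_equals( $expected, $nonce ) ) {
         return 1;
@@ -1304,5 +1304,5 @@
 
     // Nonce generated 12-24 hours ago
-    $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
+    $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid, 'nonce' ), -12, 10 );
     if ( hash_equals( $expected, $nonce ) ) {
         return 2;
@@ -1331,5 +1331,5 @@
     $i = wp_nonce_tick();
 
-    return substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10);
+    return substr(wp_hash($i . '|' . $action . '|' . $uid, 'nonce'), -12, 10);
 }
 endif;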
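Review bot: The hash input `$i . '|' . $action . '|' . $uid` is now written out by hand at three sites (new lines 1300, 1306 and 1333), with nothing tying the two verification expressions to the one that creates the nonce. The removed lines show the cost of drift: with `$token` on the checking side and no delimiters on the creating side, a nonce built at old line 1333 could not have matched the expectation at old lines 1300 or 1306. I would add a comment at each site, for example `// Hash input is tick|action|uid; keep identical in nonce creation and verification.`, or build the string in one shared helper. The `|` delimiter only removes ambiguity while `$i` and `$uid` cannot themselves contain `|`; that looks true if both are integers, but their assignments are outside these hunks and should be confirmed. Both function bodies begin outside the visible lines.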