WordPress.org

Make WordPress Core

Changeset 30412


Ignore:
Timestamp:
11/20/2014 11:48:11 AM (6 years ago)
Author:
nacin
Message:

Use hash_equals() for old md5 hashes.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r30381 r30412  
    19361936    // If the hash is still md5...
    19371937    if ( strlen($hash) <= 32 ) {
    1938         $check = ( $hash == md5($password) );
     1938        $check = hash_equals( $hash, md5( $password ) );
    19391939        if ( $check && $user_id ) {
    19401940            // Rehash using new hash.
Note: See TracChangeset for help on using the changeset viewer.