WordPress.org

Make WordPress Core

Changeset 30413


Ignore:
Timestamp:
11/20/2014 12:01:09 PM (5 years ago)
Author:
nacin
Message:

Use hash_equals() for old md5 hashes.

Merges [30412] to the 4.0 branch.

Location:
branches/4.0
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.0

  • branches/4.0/src/wp-includes/pluggable.php

    r29761 r30413  
    19401940    // If the hash is still md5...
    19411941    if ( strlen($hash) <= 32 ) {
    1942         $check = ( $hash == md5($password) );
     1942        $check = hash_equals( $hash, md5( $password ) );
    19431943        if ( $check && $user_id ) {
    19441944            // Rehash using new hash.
Note: See TracChangeset for help on using the changeset viewer.