WordPress.org

Make WordPress Core


Ignore:
Timestamp:
11/20/2014 12:01:29 PM (6 years ago)
Author:
nacin
Message:

Use hash_equals() for old md5 hashes.

Merges [30412] to the 3.9 branch.

Location:
branches/3.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.9

  • branches/3.9/src/wp-includes/pluggable.php

    r29408 r30414  
    18701870    // If the hash is still md5...
    18711871    if ( strlen($hash) <= 32 ) {
    1872         $check = ( $hash == md5($password) );
     1872        $check = hash_equals( $hash, md5( $password ) );
    18731873        if ( $check && $user_id ) {
    18741874            // Rehash using new hash.
Note: See TracChangeset for help on using the changeset viewer.