Make WordPress Core


Ignore:
Timestamp:
11/20/2014 12:05:39 PM (10 years ago)
Author:
nacin
Message:

Use hash_equals() for old md5 hashes.

Merges [30412] to the 3.7 branch.

Location:
branches/3.7
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.7

  • branches/3.7/src/wp-includes/pluggable.php

    r29410 r30416  
    14931493    // If the hash is still md5...
    14941494    if ( strlen($hash) <= 32 ) {
    1495         $check = ( $hash == md5($password) );
     1495        $check = hash_equals( $hash, md5( $password ) );
    14961496        if ( $check && $user_id ) {
    14971497            // Rehash using new hash.
Note: See TracChangeset for help on using the changeset viewer.