Timestamp:
11/20/2014 04:02:55 PM (10 years ago)
Author:
nacin
Message:

Prevent high resource usage when hashing large passwords. props mdawaffe, pento

File:
1 edited

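--- a/trunk/src/wp-includes/class-phpass.php
+++ b/trunk/src/wp-includes/class-phpass.php
@@ -215,4 +215,8 @@
     function HashPassword($password)
     {
+        if ( strlen( $password ) > 4096 ) {
+            return '*';
+        }
+
         $random = '';
 
@@ -250,4 +254,8 @@
     function CheckPassword($password, $stored_hash)
     {
+        if ( strlen( $password ) > 4096 ) {
+            return false;
+        }
+
         $hash = $this->crypt_private($password, $stored_hash);
         if ($hash[0] == '*')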
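Review bot: In HashPassword the new guard returns the `'*'` failure marker for any password longer than 4096 bytes, so a caller that stores the result without checking it would save a hash that can never verify, and the user would be locked out with no error shown. The callers are outside this page, so that is worth confirming. A comment on the guard would make the contract explicit, e.g. `// Cap hashing cost: over 4096 bytes return '*', which is never a valid hash; callers must treat it as failure.` The literal 4096 is repeated in CheckPassword; defining the limit once would keep the two checks from drifting apart, since a password accepted by one and rejected by the other could be set but never used to log in. Both function bodies continue past the lines shown.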