Changeset 30467
- Timestamp:
- 11/20/2014 04:04:26 PM (10 years ago)
- Location:
- branches/4.0
- Files:
-
- 3 edited
branches/4.0
-
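--- a/branches/4.0/src/wp-includes/class-phpass.php
+++ b/branches/4.0/src/wp-includes/class-phpass.php
@@ -215,4 +215,8 @@
 function HashPassword($password)
 {
+if ( strlen( $password ) > 4096 ) {
+return '*';
+}
+
 $random = '';
 
@@ -250,4 +254,8 @@
 function CheckPassword($password, $stored_hash)
 {
+if ( strlen( $password ) > 4096 ) {
+return false;
+}
+
 $hash = $this->crypt_private($password, $stored_hash);
 if ($hash[0] == '*')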
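Review bot: In `HashPassword`, the over-length branch returns `'*'`, the same marker `CheckPassword` tests for with `$hash[0] == '*'`, so a caller that stores the return value unchecked persists an unusable hash; the test added in tests/phpunit/tests/auth.php shows `wp_set_password()` ending up with `'*'` in `user_pass`. Callers should check the password length before hashing and report an error to the user rather than rely on the sentinel. The limit `4096` is also a bare literal repeated in both methods; a comment on each check such as `// Cap input size: reject oversized passwords before any hashing work is done (strlen counts bytes, not characters).` would record the intent. Both method bodies continue outside the hunks shown.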
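--- a/branches/4.0/tests/phpunit/tests/auth.php
+++ b/branches/4.0/tests/phpunit/tests/auth.php
@@ -3,4 +3,5 @@
 /**
 * @group pluggable
+* @group auth
 */
 class Tests_Auth extends WP_UnitTestCase {
@@ -100,3 +101,48 @@
 $this->assertFalse( wp_verify_nonce( null ) );
 }
+
+function test_password_length_limit() {
+$passwords = array(
+str_repeat( 'a', 4095 ), // short
+str_repeat( 'a', 4096 ), // limit
+str_repeat( 'a', 4097 ), // long
+);
+
+$user_id = $this->factory->user->create( array( 'user_login' => 'password-length-test' ) );
+
+wp_set_password( $passwords[1], $user_id );
+$user = get_user_by( 'id', $user_id );
+// phpass hashed password
+$this->assertStringStartsWith( '$P$', $user->data->user_pass );
+
+$user = wp_authenticate( 'password-length-test', $passwords[0] );
+// Wrong Password
+$this->assertInstanceOf( 'WP_Error', $user );
+
+$user = wp_authenticate( 'password-length-test', $passwords[1] );
+$this->assertInstanceOf( 'WP_User', $user );
+$this->assertEquals( $user_id, $user->ID );
+
+$user = wp_authenticate( 'password-length-test', $passwords[2] );
+// Wrong Password
+$this->assertInstanceOf( 'WP_Error', $user );
+
+
+wp_set_password( $passwords[2], $user_id );
+$user = get_user_by( 'id', $user_id );
+// Password broken by setting it to be too long.
+$this->assertEquals( '*', $user->data->user_pass );
+
+$user = wp_authenticate( 'password-length-test', $passwords[0] );
+// Wrong Password
+$this->assertInstanceOf( 'WP_Error', $user );
+
+$user = wp_authenticate( 'password-length-test', $passwords[1] );
+// Wrong Password
+$this->assertInstanceOf( 'WP_Error', $user );
+
+$user = wp_authenticate( 'password-length-test', $passwords[2] );
+// Password broken by setting it to be too long.
+$this->assertInstanceOf( 'WP_Error', $user );
+}
 }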
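Review bot: The `$passwords[2]` check against the hash of `$passwords[1]` (new lines 126–128) passes with or without the new length guard in `CheckPassword`, because a 4097-byte string is simply the wrong password for that account. To pin the guard itself, the test needs a stored hash generated for an over-length password before the limit existed, loaded as a fixture, with an assertion that authentication is still refused. All three inputs are ASCII, so one multi-byte case would also document that the limit is measured in bytes, not characters. On new line 134, `assertSame( '*', ... )` would make the sentinel comparison strict.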