Changeset 33019 for trunk/src/wp-includes/user.php
- Timestamp:
- 07/01/2015 06:32:07 AM (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/user.php
r32980 r33019 2459 2459 } 2460 2460 2461 if ( $wp_hasher->CheckPassword( $key, $row->user_activation_key ) ) 2461 /** 2462 * Filter the expiration time of password reset keys. 2463 * 2464 * @since 4.3.0 2465 * 2466 * @param int $expiration The expiration time in seconds. 2467 */ 2468 $expiration_duration = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS ); 2469 2470 if ( false !== strpos( $row->user_activation_key, ':' ) ) { 2471 list( $pass_request_time, $pass_key ) = explode( ':', $row->user_activation_key, 2 ); 2472 $expiration_time = $pass_request_time + $expiration_duration; 2473 } else { 2474 $pass_key = $row->user_activation_key; 2475 $expiration_time = false; 2476 } 2477 2478 $hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key ); 2479 2480 if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) { 2462 2481 return get_userdata( $row->ID ); 2463 2464 if ( $key === $row->user_activation_key ) { 2482 } elseif ( $hash_is_correct && $expiration_time ) { 2483 // Key has an expiration time that's passed 2484 return new WP_Error( 'expired_key', __( 'Invalid key' ) ); 2485 } 2486 2487 if ( hash_equals( $row->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) { 2465 2488 $return = new WP_Error( 'expired_key', __( 'Invalid key' ) ); 2466 2489 $user_id = $row->ID; … … 2468 2491 /** 2469 2492 * Filter the return value of check_password_reset_key() when an 2470 * old-style key is used (plain-text key was stored in the database).2493 * old-style key is used. 2471 2494 * 2472 * @since 3.7.0 2495 * @since 3.7.0 Previously plain-text keys were stored in the database. 2496 * @since 4.3.0 Previously key hashes were stored without an expiration time. 2473 2497 * 2474 2498 * @param WP_Error $return A WP_Error object denoting an expired key.
Note: See TracChangeset
for help on using the changeset viewer.