

Timestamp:
07/01/2015 06:32:07 AM (9 years ago)
Author:
dd32
Message:

Expire password reset links after 24 hours (by default). This causes existing password reset links to become invalid.

Props markjaquith, voldemortensen, johnbillion, MikeHansenMe, dd32
See #32429

File:
1 edited

  • trunk/src/wp-includes/user.php

    r32980 r33019  
    24592459    }
    24602460
    2461     if ( $wp_hasher->CheckPassword( $key, $row->user_activation_key ) )
     2461    /**
     2462     * Filter the expiration time of password reset keys.
     2463     *
     2464     * @since 4.3.0
     2465     *
     2466     * @param int $expiration The expiration time in seconds.
     2467     */
     2468    $expiration_duration = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS );
     2469
     2470    if ( false !== strpos( $row->user_activation_key, ':' ) ) {
     2471        list( $pass_request_time, $pass_key ) = explode( ':', $row->user_activation_key, 2 );
     2472        $expiration_time = $pass_request_time + $expiration_duration;
     2473    } else {
     2474        $pass_key = $row->user_activation_key;
     2475        $expiration_time = false;
     2476    }
     2477
     2478    $hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key );
     2479
     2480    if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {
    24622481        return get_userdata( $row->ID );
    2463 
    2464     if ( $key === $row->user_activation_key ) {
     2482    } elseif ( $hash_is_correct && $expiration_time ) {
     2483        // Key has an expiration time that's passed
     2484        return new WP_Error( 'expired_key', __( 'Invalid key' ) );
     2485    }
     2486
     2487    if ( hash_equals( $row->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
    24652488        $return = new WP_Error( 'expired_key', __( 'Invalid key' ) );
    24662489        $user_id = $row->ID;
     
    24682491        /**
    24692492         * Filter the return value of check_password_reset_key() when an
    2470          * old-style key is used (plain-text key was stored in the database).
     2493         * old-style key is used.
    24712494         *
    2472          * @since 3.7.0
     2495         * @since 3.7.0 Previously plain-text keys were stored in the database.
     2496         * @since 4.3.0 Previously key hashes were stored without an expiration time.
    24732497         *
    24742498         * @param WP_Error $return  A WP_Error object denoting an expired key.
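Review bot: The request time split out of the stored key is fed straight into arithmetic without a cast, at `$expiration_time = $pass_request_time + $expiration_duration;`, so a stored prefix that is not numeric (or a `password_reset_expiration` filter that returns something other than the documented int) is silently coerced — and on newer PHP versions non-numeric string arithmetic warns or throws rather than coercing. Casting both operands, `$expiration_time = (int) $pass_request_time + (int) $expiration_duration;`, keeps the later `time() < $expiration_time` comparison meaningful and leaves `false` as the only non-integer value the legacy branch has to handle. The branching would also read more easily with a comment naming the stored-key formats it accepts, e.g. above the `strpos` check: `// Stored keys come in three forms: plain-text (pre-3.7), a bare hash (3.7 to 4.3), and 'request_time:hash' (4.3+); only the last carries an expiration time.` The enclosing function begins before the hunk, and the filter docblock at the end of the hunk continues past it.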