Make WordPress Core

Changeset 42288 for branches/4.3


Ignore:
Timestamp:
11/29/2017 04:29:06 PM (7 years ago)
Author:
johnbillion
Message:

Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring.

Merges [42258] to the 4.3 branch.

Location:
branches/4.3
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.3

  • branches/4.3/src/wp-admin/user-new.php

    r33450 r42288  
    7575            $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
    7676        } else {
    77             $newuser_key = substr( md5( $user_id ), 0, 5 );
     77            $newuser_key = wp_generate_password( 20, false );
    7878            add_option( 'new_user_' . $newuser_key, array( 'user_id' => $user_id, 'email' => $user_details->user_email, 'role' => $_REQUEST[ 'role' ] ) );
    7979
Note: See TracChangeset for help on using the changeset viewer.