Make WordPress Core

Changeset 42296 for branches/4.1


Timestamp:
11/29/2017 04:34:18 PM (7 years ago)
Author:
johnbillion
Message:

Hardening: Use a properly generated hash for the newbloguser key instead of a determinate substring.

Merges [42258] to the 4.1 branch.

Location:
branches/4.1
Files:
2 edited

  • branches/4.1

  • branches/4.1/src/wp-admin/user-new.php

    r30940 r42296  
    7070            $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
    7171        } else {
    72             $newuser_key = substr( md5( $user_id ), 0, 5 );
     72            $newuser_key = wp_generate_password( 20, false );
    7373            add_option( 'new_user_' . $newuser_key, array( 'user_id' => $user_id, 'email' => $user_details->user_email, 'role' => $_REQUEST[ 'role' ] ) );
    7474
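
Review bot: on the new `$newuser_key = wp_generate_password( 20, false );` line, the key is no longer derived from `$user_id`, so every repeated invite for the same user now writes a separate `new_user_*` option instead of reusing one option name, and nothing in this hunk expires or deletes those rows. Consider cleaning up any earlier pending entry for the user, or recording a creation time in the stored array so stale entries can be purged. A one-line comment saying why the key has to be unpredictable would also help, since the option it names holds the `user_id`, `email` and `role` for the pending add, and the `role` value in the context line is taken directly from `$_REQUEST[ 'role' ]`, so it is worth confirming it is validated before it is stored or applied.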