Make WordPress Core


Timestamp:
06/16/2018 02:09:58 PM (6 years ago)
Author:
johnbillion
Message:

Security: Harden the random aspect of the hash used for user profile and admin email address changes.

Props BjornW

Fixes #43771

File:
1 edited

  • trunk/src/wp-admin/includes/misc.php

    r43363 r43367  
    12061206    }
    12071207
    1208     $hash            = md5( $value . time() . mt_rand() );
     1208    $hash            = md5( $value . time() . wp_rand() );
    12091209    $new_admin_email = array(
    12101210        'hash'     => $hash,
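Review bot: On the added line 1208, wp_rand() is now the only unpredictable input to the hash, since time() is guessable, $value is presumably the requested address, and md5() adds no entropy of its own. Consider taking the token directly from a random source of known length, for example wp_generate_password( 32, false ) or bin2hex( random_bytes( 16 ) ), rather than hashing a mix of predictable and random values. The commit message also mentions the user profile email change, but only the admin email hunk ($new_admin_email) is visible in this file, so it is worth confirming that the profile path received the same change.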