
Changeset 7821


Timestamp:
04/25/08 06:20:18 (6 years ago)
Author:
ryan
Message:

Add some sanity checks

File:
1 edited

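--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -475,5 +475,9 @@
     }
 
-    list($username, $expiration, $hmac) = explode('|', $cookie);
+    $cookie_elements = explode('|', $cookie);
+    if ( count($cookie_elements) != 3 )
+        return false;
+
+    list($username, $expiration, $hmac) = $cookie_elements;
 
     $expired = $expiration;
@@ -483,9 +487,10 @@
         $expired += 3600;
 
+    // Quick check to see if an honest cookie has expired
     if ( $expired < time() )
         return false;
 
-    $key = wp_hash($username . $expiration);
-    $hash = hash_hmac('md5', $username . $expiration, $key);
+    $key = wp_hash($username . '|' . $expiration);
+    $hash = hash_hmac('md5', $username . '|' . $expiration, $key);
 
     if ( $hmac != $hash )
@@ -515,6 +520,6 @@
     $user = get_userdata($user_id);
 
-    $key = wp_hash($user->user_login . $expiration);
-    $hash = hash_hmac('md5', $user->user_login . $expiration, $key);
+    $key = wp_hash($user->user_login . '|' . $expiration);
+    $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
 
     $cookie = $user->user_login . '|' . $expiration . '|' . $hash;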
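Review bot: The digest check kept as context at new line 496, `if ( $hmac != $hash )`, still uses a loose comparison on cookie data the client controls, which neither the new element-count check nor the `'|'` separator in the HMAC input addresses. With `!=`, PHP compares two numeric-looking strings as numbers, so a cookie value does not have to be byte-identical to the computed digest to pass, and the comparison is not constant-time either. I would change it to `if ( ! hash_equals( $hash, $hmac ) )` where that function is available, or at minimum `if ( $hmac !== $hash )`. `$expiration` also reaches `$expired < time()` without a check that it is numeric; a `ctype_digit( $expiration )` guard next to the count check would make that explicit. The functions touched here start and end outside the visible hunks, so this is based only on the lines shown.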