Changeset 7822


Timestamp:
04/25/2008 06:20:50 AM (10 years ago)
Author:
ryan
Message:

Add some sanity checks

File:
1 edited

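--- a/branches/2.5/wp-includes/pluggable.php
+++ b/branches/2.5/wp-includes/pluggable.php
@@ -475,5 +475,9 @@
     }
 
-    list($username, $expiration, $hmac) = explode('|', $cookie);
+    $cookie_elements = explode('|', $cookie);
+    if ( count($cookie_elements) != 3 )
+        return false;
+
+    list($username, $expiration, $hmac) = $cookie_elements;
 
     $expired = $expiration;
@@ -483,9 +487,10 @@
         $expired += 3600;
 
+    // Quick check to see if an honest cookie has expired
     if ( $expired < time() )
         return false;
 
-    $key = wp_hash($username . $expiration);
-    $hash = hash_hmac('md5', $username . $expiration, $key);
+    $key = wp_hash($username . '|' . $expiration);
+    $hash = hash_hmac('md5', $username . '|' . $expiration, $key);
 
     if ( $hmac != $hash )
@@ -515,6 +520,6 @@
     $user = get_userdata($user_id);
 
-    $key = wp_hash($user->user_login . $expiration);
-    $hash = hash_hmac('md5', $user->user_login . $expiration, $key);
+    $key = wp_hash($user->user_login . '|' . $expiration);
+    $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
 
     $cookie = $user->user_login . '|' . $expiration . '|' . $hash;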
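Review bot: The unchanged comparison `if ( $hmac != $hash )` in the second hunk still uses PHP's loose `!=`, so the cookie's HMAC is checked with type juggling rather than byte-for-byte, and two hex strings that both look numeric can compare equal even though they differ. The added element-count check and the `'|'` separator in the HMAC input make the signed fields unambiguous, but they do not tighten this final check. At minimum it should be `if ( $hmac !== $hash )`; where the runtime provides it, `if ( ! hash_equals($hash, $hmac) )` also makes the comparison constant-time. The enclosing function starts and ends outside the visible hunks, so the return paths after this check are not shown.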