Changes between Initial Version and Version 1 of Ticket #62954, comment 1
- Timestamp:
- 09/07/2025 02:12:29 PM (3 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #62954, comment 1
initial v1 6 6 I'm trying to figure out what would be a good patch for this. 7 7 8 For password generation I assume that `password_hash` is the way to go here. But I wonder if this could not cause some backwards compatibility troubles, on how `post_password` is currently defined and made. Considering that this is a flaw, I assume that we thinking on a new option, must override any BC limitations, right? (I don't have much experience on how this has been approached historically)8 For password generation I assume that `password_hash` on the fly is the way to go here. 9 9 10 10 Handling of the password could be in this form (I've picked part of this content, like the randomization, from a plugin snippet that does something similar). … … 12 12 {{{ 13 13 $pw = $_POST['post_tokenized_pass']; 14 $hash = get_post_meta($post->ID, '_hashed_post_password', true);14 $hash = password_hash(the_post_password()); 15 15 if ($hash && password_verify($pw, $hash)) { 16 16 $token = bin2hex(random_bytes(24)); … … 23 23 24 24 So basically, with an access token approach, two potential issues come to my mind: 25 - BC issues25 - BC potential issues? 26 26 - Potential DB Performance issues 27 27