mirror of
https://github.com/WordPress/WordPress.git
synced 2024-09-28 15:17:42 +02:00
Add some sanity checks
git-svn-id: http://svn.automattic.com/wordpress/trunk@7821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
08f237c227
commit
76a87862bf
@ -474,7 +474,11 @@ function wp_validate_auth_cookie($cookie = '') {
|
|||||||
$cookie = $_COOKIE[AUTH_COOKIE];
|
$cookie = $_COOKIE[AUTH_COOKIE];
|
||||||
}
|
}
|
||||||
|
|
||||||
list($username, $expiration, $hmac) = explode('|', $cookie);
|
$cookie_elements = explode('|', $cookie);
|
||||||
|
if ( count($cookie_elements) != 3 )
|
||||||
|
return false;
|
||||||
|
|
||||||
|
list($username, $expiration, $hmac) = $cookie_elements;
|
||||||
|
|
||||||
$expired = $expiration;
|
$expired = $expiration;
|
||||||
|
|
||||||
@ -482,11 +486,12 @@ function wp_validate_auth_cookie($cookie = '') {
|
|||||||
if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] )
|
if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] )
|
||||||
$expired += 3600;
|
$expired += 3600;
|
||||||
|
|
||||||
|
// Quick check to see if an honest cookie has expired
|
||||||
if ( $expired < time() )
|
if ( $expired < time() )
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
$key = wp_hash($username . $expiration);
|
$key = wp_hash($username . '|' . $expiration);
|
||||||
$hash = hash_hmac('md5', $username . $expiration, $key);
|
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
|
||||||
|
|
||||||
if ( $hmac != $hash )
|
if ( $hmac != $hash )
|
||||||
return false;
|
return false;
|
||||||
@ -514,8 +519,8 @@ if ( !function_exists('wp_generate_auth_cookie') ) :
|
|||||||
function wp_generate_auth_cookie($user_id, $expiration) {
|
function wp_generate_auth_cookie($user_id, $expiration) {
|
||||||
$user = get_userdata($user_id);
|
$user = get_userdata($user_id);
|
||||||
|
|
||||||
$key = wp_hash($user->user_login . $expiration);
|
$key = wp_hash($user->user_login . '|' . $expiration);
|
||||||
$hash = hash_hmac('md5', $user->user_login . $expiration, $key);
|
$hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key);
|
||||||
|
|
||||||
$cookie = $user->user_login . '|' . $expiration . '|' . $hash;
|
$cookie = $user->user_login . '|' . $expiration . '|' . $hash;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user