mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 01:27:36 +01:00
Validate post password hash.
git-svn-id: http://core.svn.wordpress.org/trunk@24466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
be01fce99f
commit
95800ae4f2
@ -588,8 +588,6 @@ function get_body_class( $class = '' ) {
|
|||||||
* @return bool false if a password is not required or the correct password cookie is present, true otherwise.
|
* @return bool false if a password is not required or the correct password cookie is present, true otherwise.
|
||||||
*/
|
*/
|
||||||
function post_password_required( $post = null ) {
|
function post_password_required( $post = null ) {
|
||||||
global $wp_hasher;
|
|
||||||
|
|
||||||
$post = get_post($post);
|
$post = get_post($post);
|
||||||
|
|
||||||
if ( empty( $post->post_password ) )
|
if ( empty( $post->post_password ) )
|
||||||
@ -598,15 +596,14 @@ function post_password_required( $post = null ) {
|
|||||||
if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
|
if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
if ( empty( $wp_hasher ) ) {
|
require_once ABSPATH . 'wp-includes/class-phpass.php';
|
||||||
require_once( ABSPATH . 'wp-includes/class-phpass.php');
|
$hasher = new PasswordHash( 8, true );
|
||||||
// By default, use the portable hash from phpass
|
|
||||||
$wp_hasher = new PasswordHash(8, true);
|
|
||||||
}
|
|
||||||
|
|
||||||
$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
|
$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
|
||||||
|
if ( 0 !== strpos( $hash, '$P$B' ) )
|
||||||
|
return true;
|
||||||
|
|
||||||
return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
|
return ! $hasher->CheckPassword( $post->post_password, $hash );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -407,14 +407,11 @@ $interim_login = isset($_REQUEST['interim-login']);
|
|||||||
switch ($action) {
|
switch ($action) {
|
||||||
|
|
||||||
case 'postpass' :
|
case 'postpass' :
|
||||||
if ( empty( $wp_hasher ) ) {
|
require_once ABSPATH . 'wp-includes/class-phpass.php';
|
||||||
require_once( ABSPATH . 'wp-includes/class-phpass.php' );
|
$hasher = new PasswordHash( 8, true );
|
||||||
// By default, use the portable hash from phpass
|
|
||||||
$wp_hasher = new PasswordHash(8, true);
|
|
||||||
}
|
|
||||||
|
|
||||||
// 10 days
|
// 10 days
|
||||||
setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
|
setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
|
||||||
|
|
||||||
wp_safe_redirect( wp_get_referer() );
|
wp_safe_redirect( wp_get_referer() );
|
||||||
exit();
|
exit();
|
||||||
|
Loading…
Reference in New Issue
Block a user