mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-22 09:07:59 +01:00
Hash post password in cookies. fixes #19797
git-svn-id: http://svn.automattic.com/wordpress/trunk@19728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
3c0d45d77c
commit
ed8c96636c
@ -558,18 +558,25 @@ function get_body_class( $class = '' ) {
|
||||
* @return bool false if a password is not required or the correct password cookie is present, true otherwise.
|
||||
*/
|
||||
function post_password_required( $post = null ) {
|
||||
global $wp_hasher;
|
||||
|
||||
$post = get_post($post);
|
||||
|
||||
if ( empty($post->post_password) )
|
||||
if ( empty( $post->post_password ) )
|
||||
return false;
|
||||
|
||||
if ( !isset($_COOKIE['wp-postpass_' . COOKIEHASH]) )
|
||||
if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
|
||||
return true;
|
||||
|
||||
if ( stripslashes( $_COOKIE['wp-postpass_' . COOKIEHASH] ) != $post->post_password )
|
||||
return true;
|
||||
if ( empty( $wp_hasher ) ) {
|
||||
require_once( ABSPATH . 'wp-includes/class-phpass.php');
|
||||
// By default, use the portable hash from phpass
|
||||
$wp_hasher = new PasswordHash(8, true);
|
||||
}
|
||||
|
||||
return false;
|
||||
$hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
|
||||
|
||||
return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
|
||||
}
|
||||
|
||||
/**
|
||||
|
12
wp-pass.php
12
wp-pass.php
@ -7,10 +7,16 @@
|
||||
*/
|
||||
|
||||
/** Make sure that the WordPress bootstrap has run before continuing. */
|
||||
require( dirname(__FILE__) . '/wp-load.php');
|
||||
require( dirname( __FILE__ ) . '/wp-load.php');
|
||||
|
||||
if ( empty( $wp_hasher ) ) {
|
||||
require_once( ABSPATH . 'wp-includes/class-phpass.php');
|
||||
// By default, use the portable hash from phpass
|
||||
$wp_hasher = new PasswordHash(8, true);
|
||||
}
|
||||
|
||||
// 10 days
|
||||
setcookie('wp-postpass_' . COOKIEHASH, stripslashes( $_POST['post_password'] ), time() + 864000, COOKIEPATH);
|
||||
setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
|
||||
|
||||
wp_safe_redirect(wp_get_referer());
|
||||
wp_safe_redirect( wp_get_referer() );
|
||||
exit;
|
||||
|
Loading…
Reference in New Issue
Block a user