From f8e7680cd61652b16d30948968adafe0d4dcdd54 Mon Sep 17 00:00:00 2001
From: Dominik Schilling
Date: Sun, 10 Jul 2016 19:43:28 +0000
Subject: [PATCH] Multisite: Use `hash_equals()` when comparing hashes to mitigate timing attacks.

Fixes #37324.

Built from https://develop.svn.wordpress.org/trunk@38032

git-svn-id: http://core.svn.wordpress.org/trunk@37973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/ms-delete-site.php | 2 +-
 wp-admin/options.php | 2 +-
 wp-includes/version.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/wp-admin/ms-delete-site.php b/wp-admin/ms-delete-site.php
index 282c3fac61..9424ae1970 100644
--- a/wp-admin/ms-delete-site.php
+++ b/wp-admin/ms-delete-site.php
@@ -16,7 +16,7 @@ if ( ! current_user_can( 'delete_site' ) )
 wp_die(__( 'Sorry, you are not allowed to delete this site.'));
 
 if ( isset( $_GET['h'] ) && $_GET['h'] != '' && get_option( 'delete_blog_hash' ) != false ) {
- if ( get_option( 'delete_blog_hash' ) == $_GET['h'] ) {
+ if ( hash_equals( get_option( 'delete_blog_hash' ), $_GET['h'] ) ) {
 wpmu_delete_blog( $wpdb->blogid );
 wp_die( sprintf( __( 'Thank you for using %s, your site has been deleted. Happy trails to you until we meet again.' ), $current_site->site_name ) );
 } else {
diff --git a/wp-admin/options.php b/wp-admin/options.php
index f39a0aac1a..f319d5208e 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
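Review bot: The new `hash_equals()` call on the `+` line is only guaranteed string operands by the loose outer guard; `$_GET['h']` can arrive as an array (which still satisfies `$_GET['h'] != ''`) and `get_option()` may return a non-string, and `hash_equals()` then emits a warning and returns false instead of comparing. Tighten the guard so both operands are strings before the constant-time compare, e.g. `if ( is_string( $_GET['h'] ) && hash_equals( (string) get_option( 'delete_blog_hash' ), $_GET['h'] ) ) {`. The same applies to `$_GET[ 'adminhash' ]` and `$new_admin_details[ 'hash' ]` in the wp-admin/options.php hunk. The outcome is still a rejection, so this is a robustness and log-noise point rather than a bypass; `hash_equals()` is PHP 5.6+, so on older targets this presumably relies on core's compatibility shim, which is worth confirming. The enclosing `if ( isset( $_GET['h'] ) ... )` block continues past the end of the hunk.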
@@ -57,7 +57,7 @@ if ( is_multisite() ) {
 if ( ! empty($_GET[ 'adminhash' ] ) ) {
 $new_admin_details = get_option( 'adminhash' );
 $redirect = 'options-general.php?updated=false';
- if ( is_array( $new_admin_details ) && $new_admin_details[ 'hash' ] == $_GET[ 'adminhash' ] && !empty($new_admin_details[ 'newemail' ]) ) {
+ if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] ) && !empty($new_admin_details[ 'newemail' ]) ) {
 update_option( 'admin_email', $new_admin_details[ 'newemail' ] );
 delete_option( 'adminhash' );
 delete_option( 'new_admin_email' );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index f74d18ed70..ff67ad2fd7 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.6-beta2-38031';
+$wp_version = '4.6-beta2-38032';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
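Review bot: `$new_admin_details[ 'hash' ]` on the `+` line is read without an `isset()` check, so an `adminhash` option array that lacks that key raises a notice and hands null to `hash_equals()`, which warns and returns false rather than comparing. Add the key check ahead of the compare, e.g. `is_array( $new_admin_details ) && isset( $new_admin_details[ 'hash' ] ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] )`. The surrounding `if ( ! empty($_GET[ 'adminhash' ] ) )` block and the `if ( is_multisite() )` block both extend past the hunk.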