WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use delimiters when building nonce hashes. Part two of [29388]. 

Built from https://develop.svn.wordpress.org/branches/3.7@29410


git-svn-id: http://core.svn.wordpress.org/branches/3.7@29188 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2014-08-06 17:59:09 +00:00
parent 69d28f882f
commit 635a071eda
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-includes/pluggable.php
View File

@ -1297,13 +1297,13 @@ function wp_verify_nonce($nonce, $action = -1) {
$i = wp_nonce_tick();
// Nonce generated 0-12 hours ago
$expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), -12, 10 );
$expected = substr( wp_hash( $i . '|' . $action . '|' . $uid, 'nonce'), -12, 10 );
if ( hash_equals( $expected, $nonce ) ) {
return 1;
}
// Nonce generated 12-24 hours ago
$expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
$expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid, 'nonce' ), -12, 10 );
if ( hash_equals( $expected, $nonce ) ) {
return 2;
}
@ -1330,7 +1330,7 @@ function wp_create_nonce($action = -1) {
$i = wp_nonce_tick();
return substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10);
return substr(wp_hash($i . '|' . $action . '|' . $uid, 'nonce'), -12, 10);
}
endif;