WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Load: Only load `PasswordHash` class when needed. 

This reverts [38371] which loaded `class-phpass.php` early in `wp-settings.php` and in turn caused backward compatibility problems.

Props DavidAnderson, ketuchetan.
Fixes #39445.

Built from https://develop.svn.wordpress.org/trunk@40387


git-svn-id: http://core.svn.wordpress.org/trunk@40294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Pascal Birchler 2017-04-06 18:01:42 +00:00
parent 5584f22d53
commit 72c19648bc
6 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wp-includes/pluggable.php
View File

@ -1805,6 +1805,7 @@ function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' )
// Now insert the key, hashed, into the DB.
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}
$hashed = time() . ':' . $wp_hasher->HashPassword( $key );
@ -2085,6 +2086,7 @@ function wp_hash_password($password) {
global $wp_hasher;
if ( empty($wp_hasher) ) {
require_once( ABSPATH . WPINC . '/class-phpass.php');
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, true);
}
@ -2144,6 +2146,7 @@ function wp_check_password($password, $hash, $user_id = '') {
// If the stored hash is longer than an MD5, presume the
// new style phpass portable hash.
if ( empty($wp_hasher) ) {
require_once( ABSPATH . WPINC . '/class-phpass.php');
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, true);
}

1
wp-includes/post-template.php
View File

@ -793,6 +793,7 @@ function post_password_required( $post = null ) {
return apply_filters( 'post_password_required', true, $post );
}
require_once ABSPATH . WPINC . '/class-phpass.php';
$hasher = new PasswordHash( 8, true );
$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );

2
wp-includes/user.php
View File

@ -2121,6 +2121,7 @@ function get_password_reset_key( $user ) {
// Now insert the key, hashed, into the DB.
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}
$hashed = time() . ':' . $wp_hasher->HashPassword( $key );
@ -2165,6 +2166,7 @@ function check_password_reset_key($key, $login) {
return new WP_Error('invalid_key', __('Invalid key'));
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.8-alpha-40382';
$wp_version = '4.8-alpha-40387';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

1
wp-login.php
View File

@ -438,6 +438,7 @@ case 'postpass' :
exit();
}
require_once ABSPATH . WPINC . '/class-phpass.php';
$hasher = new PasswordHash( 8, true );
/**

1
wp-settings.php
View File

@ -100,7 +100,6 @@ require( ABSPATH . WPINC . '/class-wp-matchesmapregex.php' );
require( ABSPATH . WPINC . '/class-wp.php' );
require( ABSPATH . WPINC . '/class-wp-error.php' );
require( ABSPATH . WPINC . '/pomo/mo.php' );
require( ABSPATH . WPINC . '/class-phpass.php' );
// Include the wpdb class and, if present, a db.php database drop-in.
global $wpdb;