Recovery Mode: Use PasswordHash API directly when validating keys.
Previously, the wp_check_password function was used for validating keys, while the PasswordHash class was used for creating keys. This would prevent Recovery Mode from working on sites that provide a custom implementation for the wp_check_password pluggable function. Props calvinalkan. Fixes #56787. Built from https://develop.svn.wordpress.org/trunk@55397 git-svn-id: http://core.svn.wordpress.org/trunk@54930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
57d8df8ab1
commit
9b806a3114
|
@ -85,12 +85,15 @@ final class WP_Recovery_Mode_Key_Service {
|
||||||
*
|
*
|
||||||
* @since 5.2.0
|
* @since 5.2.0
|
||||||
*
|
*
|
||||||
|
* @global PasswordHash $wp_hasher
|
||||||
|
*
|
||||||
* @param string $token The token used when generating the given key.
|
* @param string $token The token used when generating the given key.
|
||||||
* @param string $key The unhashed key.
|
* @param string $key The unhashed key.
|
||||||
* @param int $ttl Time in seconds for the key to be valid for.
|
* @param int $ttl Time in seconds for the key to be valid for.
|
||||||
* @return true|WP_Error True on success, error object on failure.
|
* @return true|WP_Error True on success, error object on failure.
|
||||||
*/
|
*/
|
||||||
public function validate_recovery_mode_key( $token, $key, $ttl ) {
|
public function validate_recovery_mode_key( $token, $key, $ttl ) {
|
||||||
|
global $wp_hasher;
|
||||||
|
|
||||||
$records = $this->get_keys();
|
$records = $this->get_keys();
|
||||||
|
|
||||||
|
@ -106,7 +109,12 @@ final class WP_Recovery_Mode_Key_Service {
|
||||||
return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) );
|
return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! wp_check_password( $key, $record['hashed_key'] ) ) {
|
if ( empty( $wp_hasher ) ) {
|
||||||
|
require_once ABSPATH . WPINC . '/class-phpass.php';
|
||||||
|
$wp_hasher = new PasswordHash( 8, true );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ! $wp_hasher->CheckPassword( $key, $record['hashed_key'] ) ) {
|
||||||
return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );
|
return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
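Review bot: The lazy initialisation added before `CheckPassword()` in the second hunk only tests `empty( $wp_hasher )`, so any truthy value a plugin has placed in that global is what verifies the recovery key. The commit message says keys are created with PasswordHash, but that code is not shown on this page, so it is worth confirming that creation and validation resolve the hasher through the same path, ideally one private helper. If they differ, a site that replaces `$wp_hasher` could end up with keys that never validate. A short comment above the block would keep the two in step, for example `// Must use the same hasher as key generation; do not switch back to wp_check_password().` The body of validate_recovery_mode_key() continues outside both hunks.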
@ -16,7 +16,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '6.2-beta2-55396';
|
$wp_version = '6.2-beta2-55397';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|