diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php index 61798c3798..a375b0ee06 100644 --- a/wp-includes/link-template.php +++ b/wp-includes/link-template.php @@ -4289,7 +4289,7 @@ function the_shortlink( $text = '', $title = '', $before = '', $after = '' ) { * * @since 4.2.0 * - * @param mixed $id_or_email The avatar to retrieve a URL for. Accepts a user ID, Gravatar MD5 hash, + * @param mixed $id_or_email The avatar to retrieve a URL for. Accepts a user ID, Gravatar SHA-256 or MD5 hash, * user email, WP_User object, WP_Post object, or WP_Comment object. * @param array $args { * Optional. Arguments to use instead of the default arguments. @@ -4353,8 +4353,9 @@ function is_avatar_comment_type( $comment_type ) { * * @since 4.2.0 * @since 6.7.0 Gravatar URLs always use HTTPS. + * @since 6.8.0 Gravatar URLs use the SHA-256 hashing algorithm. * - * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash, + * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar SHA-256 or MD5 hash, * user email, WP_User object, WP_Post object, or WP_Comment object. * @param array $args { * Optional. Arguments to use instead of the default arguments. @@ -4474,7 +4475,7 @@ function get_avatar_data( $id_or_email, $args = null ) { * @since 4.2.0 * * @param array $args Arguments passed to get_avatar_data(), after processing. - * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash, + * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar SHA-256 or MD5 hash, * user email, WP_User object, WP_Post object, or WP_Comment object. */ $args = apply_filters( 'pre_get_avatar_data', $args, $id_or_email ); @@ -4496,7 +4497,10 @@ function get_avatar_data( $id_or_email, $args = null ) { if ( is_numeric( $id_or_email ) ) { $user = get_user_by( 'id', absint( $id_or_email ) ); } elseif ( is_string( $id_or_email ) ) { - if ( str_contains( $id_or_email, '@md5.gravatar.com' ) ) { + if ( str_contains( $id_or_email, '@sha256.gravatar.com' ) ) { + // SHA-256 hash. + list( $email_hash ) = explode( '@', $id_or_email ); + } else if ( str_contains( $id_or_email, '@md5.gravatar.com' ) ) { // MD5 hash. list( $email_hash ) = explode( '@', $id_or_email ); } else { @@ -4530,7 +4534,7 @@ function get_avatar_data( $id_or_email, $args = null ) { } if ( $email ) { - $email_hash = md5( strtolower( trim( $email ) ) ); + $email_hash = hash( 'sha256', strtolower( trim( $email ) ) ); } } @@ -4564,7 +4568,7 @@ function get_avatar_data( $id_or_email, $args = null ) { * @since 4.2.0 * * @param string $url The URL of the avatar. - * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash, + * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar SHA-256 or MD5 hash, * user email, WP_User object, WP_Post object, or WP_Comment object. * @param array $args Arguments passed to get_avatar_data(), after processing. */ @@ -4576,7 +4580,7 @@ function get_avatar_data( $id_or_email, $args = null ) { * @since 4.2.0 * * @param array $args Arguments passed to get_avatar_data(), after processing. - * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash, + * @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar SHA-256 or MD5 hash, * user email, WP_User object, WP_Post object, or WP_Comment object. */ return apply_filters( 'get_avatar_data', $args, $id_or_email ); diff --git a/wp-includes/version.php b/wp-includes/version.php index 6c62a039a4..e33a5c3c10 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.8-alpha-59531'; +$wp_version = '6.8-alpha-59532'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.