Privacy: Use SHA-256 hashing algorithm for Gravatar.
This aims to improve privacy by switching to a more secure algorithm, as an MD5 string can be reversed. Follow-up to [6748], [31107]. Props henry.wright, jucaduca, haozi, desrosj, dd32, SergeyBiryukov. See #60638. Built from https://develop.svn.wordpress.org/trunk@59532 git-svn-id: http://core.svn.wordpress.org/trunk@58918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov
parent
469695a82b
commit
d427228024
|
|
@ -4289,7 +4289,7 @@ function the_shortlink( $text = '', $title = '', $before = '', $after = '' ) {
|
|||
*
|
||||
* @since 4.2.0
|
||||
*
|
||||
* @param mixed $id_or_email The avatar to retrieve a URL for. Accepts a user ID, Gravatar MD5 hash,
|
||||
* @param mixed $id_or_email The avatar to retrieve a URL for. Accepts a user ID, Gravatar SHA-256 or MD5 hash,
|
||||
* user email, WP_User object, WP_Post object, or WP_Comment object.
|
||||
* @param array $args {
|
||||
* Optional. Arguments to use instead of the default arguments.
|
||||
|
|
@ -4353,8 +4353,9 @@ function is_avatar_comment_type( $comment_type ) {
|
|||
*
|
||||
* @since 4.2.0
|
||||
* @since 6.7.0 Gravatar URLs always use HTTPS.
|
||||
* @since 6.8.0 Gravatar URLs use the SHA-256 hashing algorithm.
|
||||
*
|
||||
* @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash,
|
||||
* @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar SHA-256 or MD5 hash,
|
||||
* user email, WP_User object, WP_Post object, or WP_Comment object.
|
||||
* @param array $args {
|
||||
* Optional. Arguments to use instead of the default arguments.
|
||||
|
|
@ -4474,7 +4475,7 @@ function get_avatar_data( $id_or_email, $args = null ) {
|
|||
* @since 4.2.0
|
||||
*
|
||||
* @param array $args Arguments passed to get_avatar_data(), after processing.
|
||||
* @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash,
|
||||
* @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar SHA-256 or MD5 hash,
|
||||
* user email, WP_User object, WP_Post object, or WP_Comment object.
|
||||
*/
|
||||
$args = apply_filters( 'pre_get_avatar_data', $args, $id_or_email );
|
||||
|
|
@ -4496,7 +4497,10 @@ function get_avatar_data( $id_or_email, $args = null ) {
|
|||
if ( is_numeric( $id_or_email ) ) {
|
||||
$user = get_user_by( 'id', absint( $id_or_email ) );
|
||||
} elseif ( is_string( $id_or_email ) ) {
|
||||
if ( str_contains( $id_or_email, '@md5.gravatar.com' ) ) {
|
||||
if ( str_contains( $id_or_email, '@sha256.gravatar.com' ) ) {
|
||||
// SHA-256 hash.
|
||||
list( $email_hash ) = explode( '@', $id_or_email );
|
||||
} else if ( str_contains( $id_or_email, '@md5.gravatar.com' ) ) {
|
||||
// MD5 hash.
|
||||
list( $email_hash ) = explode( '@', $id_or_email );
|
||||
} else {
|
||||
|
|
@ -4530,7 +4534,7 @@ function get_avatar_data( $id_or_email, $args = null ) {
|
|||
}
|
||||
|
||||
if ( $email ) {
|
||||
$email_hash = md5( strtolower( trim( $email ) ) );
|
||||
$email_hash = hash( 'sha256', strtolower( trim( $email ) ) );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -4564,7 +4568,7 @@ function get_avatar_data( $id_or_email, $args = null ) {
|
|||
* @since 4.2.0
|
||||
*
|
||||
* @param string $url The URL of the avatar.
|
||||
* @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash,
|
||||
* @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar SHA-256 or MD5 hash,
|
||||
* user email, WP_User object, WP_Post object, or WP_Comment object.
|
||||
* @param array $args Arguments passed to get_avatar_data(), after processing.
|
||||
*/
|
||||
|
|
@ -4576,7 +4580,7 @@ function get_avatar_data( $id_or_email, $args = null ) {
|
|||
* @since 4.2.0
|
||||
*
|
||||
* @param array $args Arguments passed to get_avatar_data(), after processing.
|
||||
* @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar MD5 hash,
|
||||
* @param mixed $id_or_email The avatar to retrieve. Accepts a user ID, Gravatar SHA-256 or MD5 hash,
|
||||
* user email, WP_User object, WP_Post object, or WP_Comment object.
|
||||
*/
|
||||
return apply_filters( 'get_avatar_data', $args, $id_or_email );
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '6.8-alpha-59531';
|
||||
$wp_version = '6.8-alpha-59532';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|
|
|||
Loading…
Reference in New Issue