Hash post password in cookies. fixes #19797
git-svn-id: http://svn.automattic.com/wordpress/trunk@19728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
3c0d45d77c
commit
ed8c96636c
|
@ -558,6 +558,8 @@ function get_body_class( $class = '' ) {
|
||||||
* @return bool false if a password is not required or the correct password cookie is present, true otherwise.
|
* @return bool false if a password is not required or the correct password cookie is present, true otherwise.
|
||||||
*/
|
*/
|
||||||
function post_password_required( $post = null ) {
|
function post_password_required( $post = null ) {
|
||||||
|
global $wp_hasher;
|
||||||
|
|
||||||
$post = get_post($post);
|
$post = get_post($post);
|
||||||
|
|
||||||
if ( empty( $post->post_password ) )
|
if ( empty( $post->post_password ) )
|
||||||
|
@ -566,10 +568,15 @@ function post_password_required( $post = null ) {
|
||||||
if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
|
if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
if ( stripslashes( $_COOKIE['wp-postpass_' . COOKIEHASH] ) != $post->post_password )
|
if ( empty( $wp_hasher ) ) {
|
||||||
return true;
|
require_once( ABSPATH . 'wp-includes/class-phpass.php');
|
||||||
|
// By default, use the portable hash from phpass
|
||||||
|
$wp_hasher = new PasswordHash(8, true);
|
||||||
|
}
|
||||||
|
|
||||||
return false;
|
$hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
|
||||||
|
|
||||||
|
return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
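Review bot: The cookie value passed as `$hash` to `CheckPassword()` in `post_password_required()` is entirely client-supplied, and phpass reads the hash scheme and iteration count from that string rather than from the `PasswordHash(8, true)` settings, so the work done per page view is chosen by the client and not by the site. Reject anything that does not carry the prefix this configuration issues before verifying, e.g. `if ( 0 !== strpos( $hash, '$P$B' ) ) return true;` (`$P$B` being the portable scheme at cost 8). The same line calls `stripslashes()` on the cookie without checking that it is a string, so an array-valued cookie should also return true early. The lazy `$wp_hasher` setup is repeated in the second file of this commit and would be easier to keep consistent as a single helper.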
@ -9,8 +9,14 @@
|
||||||
/** Make sure that the WordPress bootstrap has run before continuing. */
|
/** Make sure that the WordPress bootstrap has run before continuing. */
|
||||||
require( dirname( __FILE__ ) . '/wp-load.php');
|
require( dirname( __FILE__ ) . '/wp-load.php');
|
||||||
|
|
||||||
|
if ( empty( $wp_hasher ) ) {
|
||||||
|
require_once( ABSPATH . 'wp-includes/class-phpass.php');
|
||||||
|
// By default, use the portable hash from phpass
|
||||||
|
$wp_hasher = new PasswordHash(8, true);
|
||||||
|
}
|
||||||
|
|
||||||
// 10 days
|
// 10 days
|
||||||
setcookie('wp-postpass_' . COOKIEHASH, stripslashes( $_POST['post_password'] ), time() + 864000, COOKIEPATH);
|
setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
|
||||||
|
|
||||||
wp_safe_redirect( wp_get_referer() );
|
wp_safe_redirect( wp_get_referer() );
|
||||||
exit;
|
exit;
|
||||||
|
|
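Review bot: The `setcookie()` call still passes only name, value, expiry and path, so the cookie goes out without the HttpOnly or Secure attributes even though the hashed value remains a ten-day bearer credential for every post that shares the password. Consider `setcookie( 'wp-postpass_' . COOKIEHASH, $hash, time() + 864000, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );` with `$hash` holding the `HashPassword()` result. In the visible lines `$_POST['post_password']` also reaches `HashPassword()` with no presence, type or length check; the first eight lines of the file are outside the hunk, so unless they already do this, guard with `if ( ! isset( $_POST['post_password'] ) || ! is_string( $_POST['post_password'] ) )` followed by the redirect and exit, and cap the length before hashing.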