Hash post password in cookies. fixes #19797

git-svn-id: http://svn.automattic.com/wordpress/trunk@19728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2012-01-11 16:42:42 +00:00
parent 3c0d45d77c
commit ed8c96636c
2 changed files with 21 additions and 8 deletions

View File

@ -558,6 +558,8 @@ function get_body_class( $class = '' ) {
* @return bool false if a password is not required or the correct password cookie is present, true otherwise. * @return bool false if a password is not required or the correct password cookie is present, true otherwise.
*/ */
function post_password_required( $post = null ) { function post_password_required( $post = null ) {
global $wp_hasher;
$post = get_post($post); $post = get_post($post);
if ( empty( $post->post_password ) ) if ( empty( $post->post_password ) )
@ -566,10 +568,15 @@ function post_password_required( $post = null ) {
if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) ) if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
return true; return true;
if ( stripslashes( $_COOKIE['wp-postpass_' . COOKIEHASH] ) != $post->post_password ) if ( empty( $wp_hasher ) ) {
return true; require_once( ABSPATH . 'wp-includes/class-phpass.php');
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, true);
}
return false; $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
} }
/** /**

View File

@ -9,8 +9,14 @@
/** Make sure that the WordPress bootstrap has run before continuing. */ /** Make sure that the WordPress bootstrap has run before continuing. */
require( dirname( __FILE__ ) . '/wp-load.php'); require( dirname( __FILE__ ) . '/wp-load.php');
if ( empty( $wp_hasher ) ) {
require_once( ABSPATH . 'wp-includes/class-phpass.php');
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, true);
}
// 10 days // 10 days
setcookie('wp-postpass_' . COOKIEHASH, stripslashes( $_POST['post_password'] ), time() + 864000, COOKIEPATH); setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 864000, COOKIEPATH );
wp_safe_redirect( wp_get_referer() ); wp_safe_redirect( wp_get_referer() );
exit; exit;