From 1991213da70ad849bc1057114bc68a4d82c669d3 Mon Sep 17 00:00:00 2001 From: Dominik Schilling Date: Sun, 10 Jul 2016 19:42:02 +0000 Subject: [PATCH] Multisite: Use `hash_equals()` when comparing hashes to mitigate timing attacks. Fixes #37324. git-svn-id: https://develop.svn.wordpress.org/trunk@38032 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/ms-delete-site.php | 2 +- src/wp-admin/options.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/wp-admin/ms-delete-site.php b/src/wp-admin/ms-delete-site.php index 282c3fac61..9424ae1970 100644 --- a/src/wp-admin/ms-delete-site.php +++ b/src/wp-admin/ms-delete-site.php @@ -16,7 +16,7 @@ if ( ! current_user_can( 'delete_site' ) ) wp_die(__( 'Sorry, you are not allowed to delete this site.')); if ( isset( $_GET['h'] ) && $_GET['h'] != '' && get_option( 'delete_blog_hash' ) != false ) { - if ( get_option( 'delete_blog_hash' ) == $_GET['h'] ) { + if ( hash_equals( get_option( 'delete_blog_hash' ), $_GET['h'] ) ) { wpmu_delete_blog( $wpdb->blogid ); wp_die( sprintf( __( 'Thank you for using %s, your site has been deleted. Happy trails to you until we meet again.' ), $current_site->site_name ) ); } else { diff --git a/src/wp-admin/options.php b/src/wp-admin/options.php index f39a0aac1a..f319d5208e 100644 --- a/src/wp-admin/options.php +++ b/src/wp-admin/options.php @@ -57,7 +57,7 @@ if ( is_multisite() ) { if ( ! empty($_GET[ 'adminhash' ] ) ) { $new_admin_details = get_option( 'adminhash' ); $redirect = 'options-general.php?updated=false'; - if ( is_array( $new_admin_details ) && $new_admin_details[ 'hash' ] == $_GET[ 'adminhash' ] && !empty($new_admin_details[ 'newemail' ]) ) { + if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] ) && !empty($new_admin_details[ 'newemail' ]) ) { update_option( 'admin_email', $new_admin_details[ 'newemail' ] ); delete_option( 'adminhash' ); delete_option( 'new_admin_email' );