Multisite: Use `hash_equals()` when comparing hashes to mitigate timing attacks.
Fixes #37324. git-svn-id: https://develop.svn.wordpress.org/trunk@38032 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
310d406274
commit
1991213da7
|
@ -16,7 +16,7 @@ if ( ! current_user_can( 'delete_site' ) )
|
||||||
wp_die(__( 'Sorry, you are not allowed to delete this site.'));
|
wp_die(__( 'Sorry, you are not allowed to delete this site.'));
|
||||||
|
|
||||||
if ( isset( $_GET['h'] ) && $_GET['h'] != '' && get_option( 'delete_blog_hash' ) != false ) {
|
if ( isset( $_GET['h'] ) && $_GET['h'] != '' && get_option( 'delete_blog_hash' ) != false ) {
|
||||||
if ( get_option( 'delete_blog_hash' ) == $_GET['h'] ) {
|
if ( hash_equals( get_option( 'delete_blog_hash' ), $_GET['h'] ) ) {
|
||||||
wpmu_delete_blog( $wpdb->blogid );
|
wpmu_delete_blog( $wpdb->blogid );
|
||||||
wp_die( sprintf( __( 'Thank you for using %s, your site has been deleted. Happy trails to you until we meet again.' ), $current_site->site_name ) );
|
wp_die( sprintf( __( 'Thank you for using %s, your site has been deleted. Happy trails to you until we meet again.' ), $current_site->site_name ) );
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -57,7 +57,7 @@ if ( is_multisite() ) {
|
||||||
if ( ! empty($_GET[ 'adminhash' ] ) ) {
|
if ( ! empty($_GET[ 'adminhash' ] ) ) {
|
||||||
$new_admin_details = get_option( 'adminhash' );
|
$new_admin_details = get_option( 'adminhash' );
|
||||||
$redirect = 'options-general.php?updated=false';
|
$redirect = 'options-general.php?updated=false';
|
||||||
if ( is_array( $new_admin_details ) && $new_admin_details[ 'hash' ] == $_GET[ 'adminhash' ] && !empty($new_admin_details[ 'newemail' ]) ) {
|
if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] ) && !empty($new_admin_details[ 'newemail' ]) ) {
|
||||||
update_option( 'admin_email', $new_admin_details[ 'newemail' ] );
|
update_option( 'admin_email', $new_admin_details[ 'newemail' ] );
|
||||||
delete_option( 'adminhash' );
|
delete_option( 'adminhash' );
|
||||||
delete_option( 'new_admin_email' );
|
delete_option( 'new_admin_email' );
|
||||||
|
|
Loading…
Reference in New Issue