sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Harden HMAC verification. props duck_.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@28053 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2014-04-08 18:05:42 +00:00
parent bef5bdc86a
commit 3234ade164
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-includes/pluggable.php
View File

@ -647,7 +647,7 @@ function wp_validate_auth_cookie($cookie = '', $scheme = '') {
$key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
if ( $hmac != $hash ) {
if ( hash_hmac( 'md5', $hmac, $key ) !== hash_hmac( 'md5', $hash, $key ) ) {
/**
* Fires if a bad authentication cookie hash is encountered.
*