From 3a4811afb4e0607fc84a0216413a143f5803948f Mon Sep 17 00:00:00 2001
From: Scott Taylor <wonderboymusic@git.wordpress.org>
Date: Fri, 26 Aug 2016 17:39:37 +0000
Subject: [PATCH] Load: load `class-phpass.php` (`PasswordHash` class) early in
 `wp-settings.php`, instead of `require_once()`'ing it in several places.

See #36335.


git-svn-id: https://develop.svn.wordpress.org/trunk@38371 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/pluggable.php     | 3 ---
 src/wp-includes/post-template.php | 1 -
 src/wp-includes/user.php          | 2 --
 src/wp-login.php                  | 1 -
 src/wp-settings.php               | 1 +
 5 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index b894b581c1..407a9ca42c 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1739,7 +1739,6 @@ function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' )
 
 	// Now insert the key, hashed, into the DB.
 	if ( empty( $wp_hasher ) ) {
-		require_once ABSPATH . WPINC . '/class-phpass.php';
 		$wp_hasher = new PasswordHash( 8, true );
 	}
 	$hashed = time() . ':' . $wp_hasher->HashPassword( $key );
@@ -2014,7 +2013,6 @@ function wp_hash_password($password) {
 	global $wp_hasher;
 
 	if ( empty($wp_hasher) ) {
-		require_once( ABSPATH . WPINC . '/class-phpass.php');
 		// By default, use the portable hash from phpass
 		$wp_hasher = new PasswordHash(8, true);
 	}
@@ -2074,7 +2072,6 @@ function wp_check_password($password, $hash, $user_id = '') {
 	// If the stored hash is longer than an MD5, presume the
 	// new style phpass portable hash.
 	if ( empty($wp_hasher) ) {
-		require_once( ABSPATH . WPINC . '/class-phpass.php');
 		// By default, use the portable hash from phpass
 		$wp_hasher = new PasswordHash(8, true);
 	}
diff --git a/src/wp-includes/post-template.php b/src/wp-includes/post-template.php
index bb0b81a882..7994f89c87 100644
--- a/src/wp-includes/post-template.php
+++ b/src/wp-includes/post-template.php
@@ -785,7 +785,6 @@ function post_password_required( $post = null ) {
 	if ( ! isset( $_COOKIE['wp-postpass_' . COOKIEHASH] ) )
 		return true;
 
-	require_once ABSPATH . WPINC . '/class-phpass.php';
 	$hasher = new PasswordHash( 8, true );
 
 	$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
index 6d473ef4c8..840a26ba6f 100644
--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -2095,7 +2095,6 @@ function get_password_reset_key( $user ) {
 
 	// Now insert the key, hashed, into the DB.
 	if ( empty( $wp_hasher ) ) {
-		require_once ABSPATH . WPINC . '/class-phpass.php';
 		$wp_hasher = new PasswordHash( 8, true );
 	}
 	$hashed = time() . ':' . $wp_hasher->HashPassword( $key );
@@ -2140,7 +2139,6 @@ function check_password_reset_key($key, $login) {
 		return new WP_Error('invalid_key', __('Invalid key'));
 
 	if ( empty( $wp_hasher ) ) {
-		require_once ABSPATH . WPINC . '/class-phpass.php';
 		$wp_hasher = new PasswordHash( 8, true );
 	}
 
diff --git a/src/wp-login.php b/src/wp-login.php
index c323f86d63..409342d761 100644
--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -439,7 +439,6 @@ case 'postpass' :
 		exit();
 	}
 
-	require_once ABSPATH . WPINC . '/class-phpass.php';
 	$hasher = new PasswordHash( 8, true );
 
 	/**
diff --git a/src/wp-settings.php b/src/wp-settings.php
index 2fa73c83af..08117198d0 100644
--- a/src/wp-settings.php
+++ b/src/wp-settings.php
@@ -95,6 +95,7 @@ require( ABSPATH . WPINC . '/functions.php' );
 require( ABSPATH . WPINC . '/class-wp.php' );
 require( ABSPATH . WPINC . '/class-wp-error.php' );
 require( ABSPATH . WPINC . '/pomo/mo.php' );
+require( ABSPATH . WPINC . '/class-phpass.php' );
 
 // Include the wpdb class and, if present, a db.php database drop-in.
 global $wpdb;