Add strict check to phpass's CheckPassword() method to avoid issues when the method is improperly called.

git-svn-id: https://develop.svn.wordpress.org/trunk@24457 602fd350-edb4-49c9-b593-d223f7449a82
2013-06-21 01:21:12 +00:00 · 2013-06-21 01:21:12 +00:00 · 473bef521b
parent 0aed5a2803
commit 473bef521b
1 changed files with 1 additions and 1 deletions
--- a/wp-includes/class-phpass.php
+++ b/wp-includes/class-phpass.php
@ -253,7 +253,7 @@ class PasswordHash {
 		if ($hash[0] == '*')
 			$hash = crypt($password, $stored_hash);

-		return $hash == $stored_hash;
+		return $hash === $stored_hash;
 	}
 }