From ca0aa133ff70a84a27ccf54898ad5ca73416536b Mon Sep 17 00:00:00 2001 From: Pascal Birchler Date: Thu, 6 Apr 2017 18:00:16 +0000 Subject: [PATCH] Load: Only load `PasswordHash` class when needed. This reverts [38371] which loaded `class-phpass.php` early in `wp-settings.php` and in turn caused backward compatibility problems. Props DavidAnderson, ketuchetan. Fixes #39445. git-svn-id: https://develop.svn.wordpress.org/trunk@40387 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/pluggable.php | 3 +++ src/wp-includes/post-template.php | 1 + src/wp-includes/user.php | 2 ++ src/wp-login.php | 1 + src/wp-settings.php | 1 - 5 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php index 3058986ab6..2b9d912958 100644 --- a/src/wp-includes/pluggable.php +++ b/src/wp-includes/pluggable.php @@ -1805,6 +1805,7 @@ function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' ) // Now insert the key, hashed, into the DB. if ( empty( $wp_hasher ) ) { + require_once ABSPATH . WPINC . '/class-phpass.php'; $wp_hasher = new PasswordHash( 8, true ); } $hashed = time() . ':' . $wp_hasher->HashPassword( $key ); @@ -2085,6 +2086,7 @@ function wp_hash_password($password) { global $wp_hasher; if ( empty($wp_hasher) ) { + require_once( ABSPATH . WPINC . '/class-phpass.php'); // By default, use the portable hash from phpass $wp_hasher = new PasswordHash(8, true); } @@ -2144,6 +2146,7 @@ function wp_check_password($password, $hash, $user_id = '') { // If the stored hash is longer than an MD5, presume the // new style phpass portable hash. if ( empty($wp_hasher) ) { + require_once( ABSPATH . WPINC . '/class-phpass.php'); // By default, use the portable hash from phpass $wp_hasher = new PasswordHash(8, true); } diff --git a/src/wp-includes/post-template.php b/src/wp-includes/post-template.php index 924e3996fb..b2fc1bfe46 100644 --- a/src/wp-includes/post-template.php +++ b/src/wp-includes/post-template.php @@ -793,6 +793,7 @@ function post_password_required( $post = null ) { return apply_filters( 'post_password_required', true, $post ); } + require_once ABSPATH . WPINC . '/class-phpass.php'; $hasher = new PasswordHash( 8, true ); $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ); diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php index 3067278363..dcd102623a 100644 --- a/src/wp-includes/user.php +++ b/src/wp-includes/user.php @@ -2121,6 +2121,7 @@ function get_password_reset_key( $user ) { // Now insert the key, hashed, into the DB. if ( empty( $wp_hasher ) ) { + require_once ABSPATH . WPINC . '/class-phpass.php'; $wp_hasher = new PasswordHash( 8, true ); } $hashed = time() . ':' . $wp_hasher->HashPassword( $key ); @@ -2165,6 +2166,7 @@ function check_password_reset_key($key, $login) { return new WP_Error('invalid_key', __('Invalid key')); if ( empty( $wp_hasher ) ) { + require_once ABSPATH . WPINC . '/class-phpass.php'; $wp_hasher = new PasswordHash( 8, true ); } diff --git a/src/wp-login.php b/src/wp-login.php index 03422b3d71..d21ce154fd 100644 --- a/src/wp-login.php +++ b/src/wp-login.php @@ -438,6 +438,7 @@ case 'postpass' : exit(); } + require_once ABSPATH . WPINC . '/class-phpass.php'; $hasher = new PasswordHash( 8, true ); /** diff --git a/src/wp-settings.php b/src/wp-settings.php index 8dd0f40317..d1505c502d 100644 --- a/src/wp-settings.php +++ b/src/wp-settings.php @@ -100,7 +100,6 @@ require( ABSPATH . WPINC . '/class-wp-matchesmapregex.php' ); require( ABSPATH . WPINC . '/class-wp.php' ); require( ABSPATH . WPINC . '/class-wp-error.php' ); require( ABSPATH . WPINC . '/pomo/mo.php' ); -require( ABSPATH . WPINC . '/class-phpass.php' ); // Include the wpdb class and, if present, a db.php database drop-in. global $wpdb;