diff options
author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-04-25 09:03:55 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-04-25 09:03:55 +0000 |
commit | 4dbe26b26fe556c71cc38e2531110bc63f351b4d (patch) | |
tree | de454a939b6567f1eef16952ff4ba883548eb498 /wp-includes/pluggable.php | |
parent | bc31549fc8053f8bc6502c337707168d5e66c508 (diff) | |
download | wordpress-mu-4dbe26b26fe556c71cc38e2531110bc63f351b4d.tar.gz wordpress-mu-4dbe26b26fe556c71cc38e2531110bc63f351b4d.tar.xz wordpress-mu-4dbe26b26fe556c71cc38e2531110bc63f351b4d.zip |
WP Merge to revision 7826
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1266 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-includes/pluggable.php')
-rw-r--r-- | wp-includes/pluggable.php | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 4a35347..eabf1ae 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -480,7 +480,11 @@ function wp_validate_auth_cookie($cookie = '') { $cookie = $_COOKIE[AUTH_COOKIE]; } - list($username, $expiration, $hmac) = explode('|', $cookie); + $cookie_elements = explode('|', $cookie); + if ( count($cookie_elements) != 3 ) + return false; + + list($username, $expiration, $hmac) = $cookie_elements; $expired = $expiration; @@ -488,11 +492,12 @@ function wp_validate_auth_cookie($cookie = '') { if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] ) $expired += 3600; + // Quick check to see if an honest cookie has expired if ( $expired < time() ) return false; - $key = wp_hash($username . $expiration); - $hash = hash_hmac('md5', $username . $expiration, $key); + $key = wp_hash($username . '|' . $expiration); + $hash = hash_hmac('md5', $username . '|' . $expiration, $key); if ( $hmac != $hash ) return false; @@ -520,8 +525,8 @@ if ( !function_exists('wp_generate_auth_cookie') ) : function wp_generate_auth_cookie($user_id, $expiration) { $user = get_userdata($user_id); - $key = wp_hash($user->user_login . $expiration); - $hash = hash_hmac('md5', $user->user_login . $expiration, $key); + $key = wp_hash($user->user_login . '|' . $expiration); + $hash = hash_hmac('md5', $user->user_login . '|' . $expiration, $key); $cookie = $user->user_login . '|' . $expiration . '|' . $hash; |