wp_hash() and server secret.

git-svn-id: https://develop.svn.wordpress.org/trunk@3810 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren
2006-05-31 00:24:03 +00:00
parent cc7d9c46f3
commit feb562c29f
4 changed files with 36 additions and 6 deletions


@@ -491,7 +491,7 @@ function wp_verify_nonce($nonce, $action = -1) {
$i = ceil(time() / 43200);
//Allow for expanding range, but only do one check if we can
if( substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) == $nonce || substr(md5(($i - 1) . DB_PASSWORD . $action . $uid), -12, 10) == $nonce )
if( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce )
return true;
return false;
}
@@ -504,7 +504,21 @@ function wp_create_nonce($action = -1) {
$i = ceil(time() / 43200);
return substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10);
return substr(wp_hash($i . $action . $uid), -12, 10);
}
endif;
if ( !function_exists('wp_hash') ) :
function wp_hash($data) {
$secret = get_option('secret');
if ( empty($secret) )
$secret = DB_PASSWORD;
if ( function_exists('hash_hmac') ) {
return hash_hmac('md5', $data, $secret);
} else {
return md5($data . $secret);
}
}
endif;
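Review bot: The rewritten check in wp_verify_nonce still compares the truncated hash to `$nonce` with loose `==`, so two 10-character hex strings that both look numeric (all digits, or digits around a single `e`) are compared as numbers instead of byte-for-byte, and the comparison is not constant-time. Use a strict string comparison on both halves, e.g. `substr(wp_hash($i . $action . $uid), -12, 10) === (string) $nonce`, and a constant-time compare where the runtime offers one. The start of wp_verify_nonce, including where `$uid` is set, is outside the hunk, so whether `$nonce` is already normalised to a string there cannot be confirmed from this page. Separately, in the new wp_hash() an empty `get_option('secret')` falls back to `DB_PASSWORD` as the key, and the branch without `hash_hmac` is a plain `md5($data . $secret)`. A comment such as `// Fallback only: ties nonce strength to the DB password; a random 'secret' option should be set at install` would make that trade-off explicit, since where the option is generated is not visible here.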