[wp-cvs] wordpress wp-login.php,1.42,1.43
Ryan Boren
rboren at users.sourceforge.net
Wed Oct 13 02:21:39 UTC 2004
Update of /cvsroot/cafelog/wordpress
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv5841
Modified Files:
wp-login.php
Log Message:
Double hash password in cookies.
Index: wp-login.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-login.php,v
retrieving revision 1.42
retrieving revision 1.43
diff -C2 -d -r1.42 -r1.43
*** wp-login.php 11 Oct 2004 07:00:21 -0000 1.42
--- wp-login.php 13 Oct 2004 02:21:36 -0000 1.43
***************
*** 160,164 ****
if ( wp_login($log, $pwd) ) {
$user_login = $log;
! $user_pass = md5($pwd);
setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH);
setcookie('wordpresspass_'. COOKIEHASH, $user_pass, time() + 31536000, COOKIEPATH);
--- 160,164 ----
if ( wp_login($log, $pwd) ) {
$user_login = $log;
! $user_pass = md5(md5($pwd)); // Double hash the password in the cookie.
setcookie('wordpressuser_'. COOKIEHASH, $user_login, time() + 31536000, COOKIEPATH);
setcookie('wordpresspass_'. COOKIEHASH, $user_pass, time() + 31536000, COOKIEPATH);
More information about the cvs
mailing list