[wp-trac] [WordPress Trac] #10284: hash_hmac implementation does not match PHP hash_hmac
WordPress Trac
wp-trac at lists.automattic.com
Sat Sep 12 02:13:56 UTC 2009
#10284: hash_hmac implementation does not match PHP hash_hmac
--------------------------+-------------------------------------------------
Reporter: jrush_aplus | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8.5
Component: General | Version: 2.8
Severity: normal | Keywords: has-patch tested
--------------------------+-------------------------------------------------
Comment(by mdawaffe):
Outputs from core uses of hash_hmac() will not change for most blogs. The
key length provided by https://api.wordpress.org/secret-key/1.1/ are all
64 characters long. (Under the assumption that most blogs use either
random keys from above, the default key, or shorter custom keys).
However, most outputs from core uses of wp_hash() will change on most
blogs.
So after patching on most blogs, all users on those blogs will be logged
out. Logging back in will not be affected. Also, all nonces will be
invalid, but new and valid ones will generate just fine.
A temporary and one time effect (the same effect many upgrades face:
cookies and nonces are invalid after upgrade).
+1
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10284#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list