Changeset 10800
- Timestamp:
- 05/24/2016 02:34:37 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/bp-core/classes/class-bp-attachment-avatar.php
r10417 r10800 293 293 } 294 294 295 $args['dst_file'] = $avatar_folder_dir . '/' . wp_hash( $absolute_path . time() ) . '-bp' . $key_type . '.' . $ext; 295 $filename = wp_unique_filename( $avatar_folder_dir, uniqid() . "-bp{$key_type}.{$ext}" ); 296 $args['dst_file'] = $avatar_folder_dir . '/' . $filename; 296 297 297 298 $avatar_types[ $key_type ] = parent::crop( $args ); -
trunk/src/bp-core/classes/class-bp-attachment-cover-image.php
r10417 r10800 209 209 } 210 210 211 $info = pathinfo( $file ); 212 $dir = $info['dirname']; 213 $ext = strtolower( $info['extension'] ); 214 $name = wp_hash( $file . time() ) . '-bp-cover-image'; 215 216 return trailingslashit( $dir ) . "{$name}.{$ext}"; 211 $info = pathinfo( $file ); 212 $ext = strtolower( $info['extension'] ); 213 $name = wp_unique_filename( $info['dirname'], uniqid() . "-bp-cover-image.$ext" ); 214 215 return trailingslashit( $info['dirname'] ) . $name; 217 216 } 218 217 -
trunk/src/bp-members/bp-members-functions.php
r10774 r10800 1840 1840 $user_login = preg_replace( '/\s+/', '', sanitize_user( $user_login, true ) ); 1841 1841 $user_email = sanitize_email( $user_email ); 1842 $activation_key = substr( md5( time() . rand() . $user_email ), 0, 16);1842 $activation_key = wp_generate_password( 32, false ); 1843 1843 1844 1844 /** … … 1862 1862 } 1863 1863 1864 $activation_key = wp_hash( $user_id );1865 1864 bp_update_user_meta( $user_id, 'activation_key', $activation_key ); 1866 1865 } … … 1990 1989 $user_id = username_exists( $signup->user_login ); 1991 1990 1992 // Create the user. 1991 // Create the user. This should only be necessary if BP_SIGNUPS_SKIP_USER_CREATION is true. 1993 1992 if ( ! $user_id ) { 1994 1993 $user_id = wp_create_user( $signup->user_login, $password, $signup->user_email ); 1995 1994 1996 // If a user ID is found, this may be a legacy signup, or one1997 // created locally for backward compatibility. Process it.1998 } elseif ( $key == wp_hash( $user_id ) ) { 1995 // Otherwise, update the existing user's status. 1996 } elseif ( $key === bp_get_user_meta( $user_id, 'activation_key', true ) || $key === wp_hash( $user_id ) ) { 1997 1999 1998 // Change the user's status so they become active. 2000 1999 if ( ! $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->users} SET user_status = 0 WHERE ID = %d", $user_id ) ) ) { … … 2156 2155 // Rebuild the activation key, if missing. 2157 2156 if ( empty( $signup->activation_key ) ) { 2158 $signup->activation_key = wp_ hash( $signup->ID);2157 $signup->activation_key = wp_generate_password( 32, false ); 2159 2158 } 2160 2159 -
trunk/src/bp-members/bp-members-screens.php
r10711 r10800 370 370 } 371 371 372 $hashed_key = wp_hash( $key );373 374 // Check if the signup avatar folder exists. If it does, move the folder to375 // the BP user avatars directory.376 if ( file_exists( bp_core_avatar_upload_path() . '/avatars/signups/' . $hashed_key ) ) {377 @rename( bp_core_avatar_upload_path() . '/avatars/signups/' . $hashed_key, bp_core_avatar_upload_path() . '/avatars/' . $user );378 }379 380 372 bp_core_add_message( __( 'Your account is now active!', 'buddypress' ) ); 381 373 $bp->activation_complete = true; -
trunk/src/bp-members/classes/class-bp-signup.php
r10711 r10800 747 747 $user_id = username_exists( $signup->user_login ); 748 748 749 if ( ! empty( $user_id ) && $signup->activation_key == wp_hash( $user_id) ) {749 if ( ! empty( $user_id ) && $signup->activation_key === bp_get_user_meta( $user_id, 'activation_key', true ) ) { 750 750 751 751 if ( 2 != self::check_user_status( $user_id ) ) { -
trunk/src/bp-settings/bp-settings-actions.php
r10498 r10800 95 95 // Store a hash to enable email validation. 96 96 if ( false === $email_error ) { 97 $hash = wp_ hash( $_POST['email']);97 $hash = wp_generate_password( 32, false ); 98 98 99 99 $pending_email = array( -
trunk/tests/phpunit/testcases/members/functions.php
r9819 r10800 262 262 263 263 // Fake an old-style registration 264 $key = wp_ hash( $u_obj->ID);264 $key = wp_generate_password( 32, false ); 265 265 update_user_meta( $u, 'activation_key', $key ); 266 266 … … 296 296 297 297 // Fake an old-style registration 298 $key = wp_ hash( $u_obj->ID);298 $key = wp_generate_password( 32, false ); 299 299 update_user_meta( $u, 'activation_key', $key ); 300 300
Note: See TracChangeset
for help on using the changeset viewer.