
BuddyPress.org


Timestamp:
05/24/2016 02:34:37 PM (8 years ago)
Author:
boonebgorges
Message:

Better hash building for activation keys, password reset keys, and filenames.

There is no need to use user-facing info for these hashes.

Props DJPaul, vortfu.

File:
1 edited

  • trunk/src/bp-core/classes/class-bp-attachment-avatar.php

    r10417 r10800  
    293293            }
    294294
    295             $args['dst_file'] = $avatar_folder_dir . '/' . wp_hash( $absolute_path . time() ) . '-bp' . $key_type . '.' . $ext;
     295            $filename         = wp_unique_filename( $avatar_folder_dir, uniqid() . "-bp{$key_type}.{$ext}" );
     296            $args['dst_file'] = $avatar_folder_dir . '/' . $filename;
    296297
    297298            $avatar_types[ $key_type ] = parent::crop( $args );
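
Review bot: on the added line 295, uniqid() is built from the current time in microseconds, so the resulting avatar filename is unique but not unpredictable, while the removed line ran its input through wp_hash(), which is keyed with the site salt. If the cropped avatar's name is meant to be hard to guess, take the random part from a CSPRNG-backed source such as wp_generate_password( 12, false ) and keep wp_unique_filename() for collision handling. If only uniqueness matters here, a one-line comment saying so above the uniqid() call would stop a later reader from treating the name as a secret.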