BuddyPress.org


Timestamp:
05/24/2016 02:34:37 PM (6 years ago)
Author:
boonebgorges
Message:

Better hash building for activation keys, password reset keys, and filenames.

There is no need to use user-facing info for these hashes.

Props DJPaul, vortfu.

File:
1 edited

  • trunk/src/bp-members/bp-members-screens.php

    r10711 r10800  
    370370        }
    371371
    372         $hashed_key = wp_hash( $key );
    373 
    374         // Check if the signup avatar folder exists. If it does, move the folder to
    375         // the BP user avatars directory.
    376         if ( file_exists( bp_core_avatar_upload_path() . '/avatars/signups/' . $hashed_key ) ) {
    377             @rename( bp_core_avatar_upload_path() . '/avatars/signups/' . $hashed_key, bp_core_avatar_upload_path() . '/avatars/' . $user );
    378         }
    379 
    380372        bp_core_add_message( __( 'Your account is now active!', 'buddypress' ) );
    381373        $bp->activation_complete = true;
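
Review bot: The block removed at old lines 372-379 drops the signup avatar move on activation with no replacement in this hunk, and the commit message only mentions better hash building, so a reader cannot tell whether the removal is intentional. The deleted code derived the folder name with `$hashed_key = wp_hash( $key );` and then moved `/avatars/signups/` . $hashed_key to `/avatars/` . $user. If any code path still writes under `avatars/signups/`, those folders will now stay behind after the account is activated. Please state in the commit message that the move is being removed and why, or point to where the directory name is now built from data that is not user-facing. Separately, the old `@rename(...)` call suppressed errors; if the move is reinstated elsewhere, check its return value so a failed move is visible.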