Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
05/24/2016 02:34:37 PM (10 years ago)
Author:
boonebgorges
Message:

Better hash building for activation keys, password reset keys, and filenames.

There is no need to use user-facing info for these hashes.

Props DJPaul, vortfu.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/bp-settings/bp-settings-actions.php

    r10498 r10800  
    9595                // Store a hash to enable email validation.
    9696                if ( false === $email_error ) {
    97                     $hash = wp_hash( $_POST['email'] );
     97                    $hash = wp_generate_password( 32, false );
    9898
    9999                    $pending_email = array(
Note: See TracChangeset for help on using the changeset viewer.