使用严等于来修复某些极端情况下密码可被绕过的漏洞

祁宁
2014-03-15 22:50:17 +08:00
parent ee4e4838cd
commit 81f46ae06f
2 changed files with 3 additions and 3 deletions
+2 -2
@@ -967,9 +967,9 @@ EOF;
{
if ('$T$' == substr($to, 0, 3)) {
$salt = substr($to, 3, 9);
return self::hash($from, $salt) == $to;
return self::hash($from, $salt) === $to;
} else {
return md5($from) == $to;
return md5($from) === $to;
}
}
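Review bot: Both `===` comparisons still stop at the first differing byte, so the check against the stored hash is not constant-time; where the runtime provides it (PHP 5.6+), `return hash_equals($to, self::hash($from, $salt));` and `return hash_equals($to, md5($from));` give the same strict result without the timing signal. `hash_equals()` expects two strings, so `$to` should pass an `is_string()` check first. Separately, the `else` branch still accepts an unsalted MD5 digest, which looks like a legacy format; re-hashing such accounts with `self::hash()` after a successful login would let that branch be retired. The function signature is outside the hunk, so the types of `$from` and `$to` are assumed here.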
+1 -1
@@ -717,7 +717,7 @@ class Widget_Abstract_Contents extends Widget_Abstract
/** 处理密码保护流程 */
if (!empty($value['password']) &&
$value['password'] != Typecho_Cookie::get('protectPassword') &&
$value['password'] !== Typecho_Cookie::get('protectPassword') &&
$value['authorId'] != $this->user->uid &&
!$this->user->pass('editor', true)) {
$value['hidden'] = true;
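Review bot: The `!empty($value['password'])` guard at the top of this condition treats the string `'0'` as empty, so a post whose password is `0` would skip the protection check entirely and the strict cookie comparison added below would never run for it; `isset($value['password']) && '' !== (string) $value['password'] &&` keeps the intent without that gap. The next line still uses loose `!=` for `$value['authorId']` against `$this->user->uid`; if an anonymous visitor's uid can be null or 0, casting both sides to int and using `!==` would make that comparison explicit too. A short comment stating that the cookie value is client-supplied and must be compared as a string would document why `!==` matters here. The `if` body continues past the end of the hunk.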