wp_hash example


function wp_get_unapproved_comment_author_email() {
    $commenter_email = '';

    if ( ! empty( $_GET['unapproved'] ) && ! empty( $_GET['moderation-hash'] ) ) {
        $comment_id = (int) $_GET['unapproved'];
        $comment    = get_comment( $comment_id );

        if ( $comment && hash_equals( $_GET['moderation-hash']wp_hash( $comment->comment_date_gmt ) ) ) {
            // The comment will only be viewable by the comment author for 10 minutes.             $comment_preview_expires = strtotime( $comment->comment_date_gmt . '+10 minutes' );

            if ( time() < $comment_preview_expires ) {
                $commenter_email = $comment->comment_author_email;
            }
        }
    }

    if ( ! $commenter_email ) {
        $commenter       = wp_get_current_commenter();
        

        if ( isset( $request['number'] ) && is_numeric( $request['number'] ) ) {
            $widget_object->_set( (int) $request['number'] );
        } else {
            $widget_object->_set( -1 );
        }

        if ( isset( $request['instance']['encoded']$request['instance']['hash'] ) ) {
            $serialized_instance = base64_decode( $request['instance']['encoded'] );
            if ( ! hash_equals( wp_hash( $serialized_instance )$request['instance']['hash'] ) ) {
                return new WP_Error(
                    'rest_invalid_widget',
                    __( 'The provided instance is malformed.' ),
                    array( 'status' => 400 )
                );
            }
            $instance = unserialize( $serialized_instance );
        } else {
            $instance = array();
        }

        

    public function hash_nav_menu_args( $args ) {
        return wp_hash( serialize( $args ) );
    }

    /** * Enqueues scripts for the Customizer preview. * * @since 4.3.0 */
    public function customize_preview_enqueue_deps() {
        wp_enqueue_script( 'customize-preview-nav-menus' ); // Note that we have overridden this.     }

    
$id_base       = $attributes['idBase'];
    $widget_key    = $wp_widget_factory->get_widget_key( $id_base );
    $widget_object = $wp_widget_factory->get_widget_object( $id_base );

    if ( ! $widget_key || ! $widget_object ) {
        return '';
    }

    if ( isset( $attributes['instance']['encoded']$attributes['instance']['hash'] ) ) {
        $serialized_instance = base64_decode( $attributes['instance']['encoded'] );
        if ( ! hash_equals( wp_hash( $serialized_instance )(string) $attributes['instance']['hash'] ) ) {
            return '';
        }
        $instance = unserialize( $serialized_instance );
    } else {
        $instance = array();
    }

    $args = array(
        'widget_id'   => $widget_object->id,
        'widget_name' => $widget_object->name,
    );

    

            do_action( 'auth_cookie_bad_username', $cookie_elements );
            return false;
        }

        $pass_frag = substr( $user->user_pass, 8, 4 );

        $key = wp_hash( $username . '|' . $pass_frag . '|' . $expiration . '|' . $token$scheme );

        // If ext/hash is not present, compat.php's hash_hmac() does not support sha256.         $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
        $hash = hash_hmac( $algo$username . '|' . $expiration . '|' . $token$key );

        if ( ! hash_equals( $hash$hmac ) ) {
            /** * Fires if a bad authentication cookie hash is encountered. * * @since 2.7.0 * * @param string[] $cookie_elements { * Authentication cookie components. None of the components should be assumed * to be valid as they come directly from a client-provided cookie value. * * @type string $username User's username. * @type string $expiration The time the cookie expires as a UNIX timestamp. * @type string $token User's session token used. * @type string $hmac The security hash for the cookie. * @type string $scheme The cookie scheme to use. * } */

do_action( 'set_comment_cookies', $comment$user$cookies_consent );

$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment ) : $_POST['redirect_to'] . '#comment-' . $comment->comment_ID;

// If user didn't consent to cookies, add specific query arguments to display the awaiting moderation message. if ( ! $cookies_consent && 'unapproved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_author_email ) ) {
    $location = add_query_arg(
        array(
            'unapproved'      => $comment->comment_ID,
            'moderation-hash' => wp_hash( $comment->comment_date_gmt ),
        ),
        $location
    );
}

/** * Filters the location URI to send the commenter after posting. * * @since 2.0.5 * * @param string $location The 'redirect_to' URI sent via $_POST. * @param WP_Comment $comment Comment object. */
if ( isset( $request['instance']['raw'] ) ) {
                if ( empty( $widget_object->widget_options['show_instance_in_rest'] ) ) {
                    return new WP_Error(
                        'rest_invalid_widget',
                        __( 'Widget type does not support raw instances.' ),
                        array( 'status' => 400 )
                    );
                }
                $instance = $request['instance']['raw'];
            } elseif ( isset( $request['instance']['encoded']$request['instance']['hash'] ) ) {
                $serialized_instance = base64_decode( $request['instance']['encoded'] );
                if ( ! hash_equals( wp_hash( $serialized_instance )$request['instance']['hash'] ) ) {
                    return new WP_Error(
                        'rest_invalid_widget',
                        __( 'The provided instance is malformed.' ),
                        array( 'status' => 400 )
                    );
                }
                $instance = unserialize( $serialized_instance );
            } else {
                return new WP_Error(
                    'rest_invalid_widget',
                    __( 'The provided instance is invalid. Must contain raw OR encoded and hash.' ),
                    

    protected function get_instance_hash_key( $serialized_instance ) {
        return wp_hash( $serialized_instance );
    }

    /** * Sanitizes a widget instance. * * Unserialize the JS-instance for storing in the options. It's important that this filter * only get applied to an instance *once*. * * @since 3.9.0 * @since 5.8.0 Added the `$id_base` parameter. * * @global WP_Widget_Factory $wp_widget_factory * * @param array $value Widget instance to sanitize. * @param string $id_base Optional. Base of the ID of the widget being sanitized. Default null. * @return array|void Sanitized widget instance. */
Home | Imprint | This part of the site doesn't use cookies.