X-Git-Url: https://scripts.mit.edu/gitweb/autoinstallsdev/wordpress.git/blobdiff_plain/9e77185fafaf4e60e2b73821e0e4b9b1a11fb85f..874d2a2f468a0d1e69aab49b1fe2d9d79d3e1142:/wp-includes/class-phpass.php

diff --git a/wp-includes/class-phpass.php b/wp-includes/class-phpass.php
index 1970ae9d..f2dadae3 100644
--- a/wp-includes/class-phpass.php
+++ b/wp-includes/class-phpass.php
@@ -214,6 +214,10 @@ class PasswordHash {
 
 	function HashPassword($password)
 	{
+		if ( strlen( $password ) > 4096 ) {
+			return '*';
+		}
+
 		$random = '';
 
 		if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
@@ -249,6 +253,10 @@ class PasswordHash {
 
 	function CheckPassword($password, $stored_hash)
 	{
+		if ( strlen( $password ) > 4096 ) {
+			return false;
+		}
+
 		$hash = $this->crypt_private($password, $stored_hash);
 		if ($hash[0] == '*')
 			$hash = crypt($password, $stored_hash);