- // Strip the "<?php" added by lightncandy so that it can be eval()ed
- if ( substr( $code, 0, 5 ) === '<?php' ) {
- $code = substr( $code, 5 );
+ // Prefix the cached code with a keyed hash (64 hex chars) as an integrity check
+ $cache->set( $key, hash_hmac( 'sha256', $code, $secretKey ) . $code );
+ } else {
+ // Verify the integrity of the cached PHP code
+ $keyedHash = substr( $code, 0, 64 );
+ $code = substr( $code, 64 );
+ if ( $keyedHash !== hash_hmac( 'sha256', $code, $secretKey ) ) {
+ // Generate a notice if integrity check fails
+ trigger_error( "Template failed integrity check: {$filename}" );
+ }