Provide a DB fallback for keys in wp_salt(). Fall back when any secret is used more than once. Change how we detect a localized 'put your unique phrase here' -- eliminate $wp_default_secret_key and introduce $wp_secret_key_default to be added during the localized build process, not by translators. fixes #19599.

git-svn-id: http://svn.automattic.com/wordpress/trunk@19771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2012-01-27 18:52:20 +00:00
parent 001a7ba558
commit 017f5e4aeb
2 changed files with 40 additions and 65 deletions

View File

@ -140,8 +140,6 @@ function wp_plugin_directory_constants( ) {
* @since 3.0.0 * @since 3.0.0
*/ */
function wp_cookie_constants( ) { function wp_cookie_constants( ) {
global $wp_default_secret_key;
/** /**
* Used to guarantee unique hash cookies * Used to guarantee unique hash cookies
* @since 1.5 * @since 1.5
@ -154,12 +152,6 @@ function wp_cookie_constants( ) {
define( 'COOKIEHASH', '' ); define( 'COOKIEHASH', '' );
} }
/**
* Should be exactly the same as the default value of SECRET_KEY in wp-config-sample.php
* @since 2.5.0
*/
$wp_default_secret_key = 'put your unique phrase here';
/** /**
* @since 2.0.0 * @since 2.0.0
*/ */

View File

@ -1306,75 +1306,58 @@ if ( !function_exists('wp_salt') ) :
* *
* @link https://api.wordpress.org/secret-key/1.1/salt/ Create secrets for wp-config.php * @link https://api.wordpress.org/secret-key/1.1/salt/ Create secrets for wp-config.php
* *
* @param string $scheme Authentication scheme * @param string $scheme Authentication scheme (auth, secure_auth, logged_in, nonce)
* @return string Salt value * @return string Salt value
*/ */
function wp_salt($scheme = 'auth') { function wp_salt( $scheme = 'auth' ) {
global $wp_default_secret_key; global $wp_secret_key_default; // This is set for localized builds for versions > 3.4.0.
$secret_key = '';
if ( defined('SECRET_KEY') && ('' != SECRET_KEY) && ( $wp_default_secret_key != SECRET_KEY) )
$secret_key = SECRET_KEY;
if ( 'auth' == $scheme ) { static $duplicated_keys;
if ( defined('AUTH_KEY') && ('' != AUTH_KEY) && ( $wp_default_secret_key != AUTH_KEY) ) if ( null === $duplicated_keys ) {
$secret_key = AUTH_KEY; $duplicated_keys = array( 'put your unique phrase here' => true );
foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) {
if ( defined('AUTH_SALT') && ('' != AUTH_SALT) && ( $wp_default_secret_key != AUTH_SALT) ) { foreach ( array( 'KEY', 'SALT' ) as $second ) {
$salt = AUTH_SALT; if ( ! defined( "{$first}_{$second}" ) )
} elseif ( defined('SECRET_SALT') && ('' != SECRET_SALT) && ( $wp_default_secret_key != SECRET_SALT) ) { continue;
$salt = SECRET_SALT; $value = constant( "{$first}_{$second}" );
} else { $duplicated_keys[ $value ] = isset( $duplicated_keys[ $value ] );
$salt = get_site_option('auth_salt');
if ( empty($salt) ) {
$salt = wp_generate_password( 64, true, true );
update_site_option('auth_salt', $salt);
} }
} }
} elseif ( 'secure_auth' == $scheme ) { if ( ! empty( $wp_secret_key_default ) )
if ( defined('SECURE_AUTH_KEY') && ('' != SECURE_AUTH_KEY) && ( $wp_default_secret_key != SECURE_AUTH_KEY) ) $duplicated_keys[ $wp_secret_key_default ] = true;
$secret_key = SECURE_AUTH_KEY; }
if ( defined('SECURE_AUTH_SALT') && ('' != SECURE_AUTH_SALT) && ( $wp_default_secret_key != SECURE_AUTH_SALT) ) { $key = $salt = '';
$salt = SECURE_AUTH_SALT; if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) )
} else { $key = SECRET_KEY;
$salt = get_site_option('secure_auth_salt'); if ( 'auth' == $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) )
if ( empty($salt) ) { $salt = SECRET_SALT;
$salt = wp_generate_password( 64, true, true );
update_site_option('secure_auth_salt', $salt);
}
}
} elseif ( 'logged_in' == $scheme ) {
if ( defined('LOGGED_IN_KEY') && ('' != LOGGED_IN_KEY) && ( $wp_default_secret_key != LOGGED_IN_KEY) )
$secret_key = LOGGED_IN_KEY;
if ( defined('LOGGED_IN_SALT') && ('' != LOGGED_IN_SALT) && ( $wp_default_secret_key != LOGGED_IN_SALT) ) { if ( in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ) ) ) {
$salt = LOGGED_IN_SALT; foreach ( array( 'key', 'salt' ) as $type ) {
} else { $const = strtoupper( "{$scheme}_{$type}" );
$salt = get_site_option('logged_in_salt'); if ( defined( $const ) && constant( $const ) && empty( $duplicated_keys[ constant( $const ) ] ) ) {
if ( empty($salt) ) { $$type = constant( $const );
$salt = wp_generate_password( 64, true, true ); } elseif ( ! $$type ) {
update_site_option('logged_in_salt', $salt); $$type = get_site_option( "{$scheme}_{$type}" );
} if ( ! $$type ) {
} $$type = wp_generate_password( 64, true, true );
} elseif ( 'nonce' == $scheme ) { update_site_option( "{$scheme}_{$type}", $$type );
if ( defined('NONCE_KEY') && ('' != NONCE_KEY) && ( $wp_default_secret_key != NONCE_KEY) ) }
$secret_key = NONCE_KEY;
if ( defined('NONCE_SALT') && ('' != NONCE_SALT) && ( $wp_default_secret_key != NONCE_SALT) ) {
$salt = NONCE_SALT;
} else {
$salt = get_site_option('nonce_salt');
if ( empty($salt) ) {
$salt = wp_generate_password( 64, true, true );
update_site_option('nonce_salt', $salt);
} }
} }
} else { } else {
// ensure each auth scheme has its own unique salt if ( ! $key ) {
$salt = hash_hmac('md5', $scheme, $secret_key); $key = get_site_option( 'secret_key' );
if ( ! $key ) {
$key = wp_generate_password( 64, true, true );
update_site_option( 'secret_key', $key );
}
}
$salt = hash_hmac( 'md5', $scheme, $key );
} }
return apply_filters('salt', $secret_key . $salt, $scheme); return apply_filters('salt', $key . $salt, $scheme);
} }
endif; endif;