Provide a DB fallback for keys in wp_salt(). Fall back when any secret is used more than once. Change how we detect a localized 'put your unique phrase here' -- eliminate $wp_default_secret_key and introduce $wp_secret_key_default to be added during the localized build process, not by translators. fixes #19599.

git-svn-id: http://svn.automattic.com/wordpress/trunk@19771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2012-01-27 18:52:20 +00:00
parent 001a7ba558
commit 017f5e4aeb
2 changed files with 40 additions and 65 deletions

View File

@ -140,8 +140,6 @@ function wp_plugin_directory_constants( ) {
* @since 3.0.0
*/
function wp_cookie_constants( ) {
global $wp_default_secret_key;
/**
* Used to guarantee unique hash cookies
* @since 1.5
@ -154,12 +152,6 @@ function wp_cookie_constants( ) {
define( 'COOKIEHASH', '' );
}
/**
* Should be exactly the same as the default value of SECRET_KEY in wp-config-sample.php
* @since 2.5.0
*/
$wp_default_secret_key = 'put your unique phrase here';
/**
* @since 2.0.0
*/

View File

@ -1306,75 +1306,58 @@ if ( !function_exists('wp_salt') ) :
*
* @link https://api.wordpress.org/secret-key/1.1/salt/ Create secrets for wp-config.php
*
* @param string $scheme Authentication scheme
* @param string $scheme Authentication scheme (auth, secure_auth, logged_in, nonce)
* @return string Salt value
*/
function wp_salt( $scheme = 'auth' ) {
global $wp_default_secret_key;
$secret_key = '';
if ( defined('SECRET_KEY') && ('' != SECRET_KEY) && ( $wp_default_secret_key != SECRET_KEY) )
$secret_key = SECRET_KEY;
global $wp_secret_key_default; // This is set for localized builds for versions > 3.4.0.
if ( 'auth' == $scheme ) {
if ( defined('AUTH_KEY') && ('' != AUTH_KEY) && ( $wp_default_secret_key != AUTH_KEY) )
$secret_key = AUTH_KEY;
static $duplicated_keys;
if ( null === $duplicated_keys ) {
$duplicated_keys = array( 'put your unique phrase here' => true );
foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) {
foreach ( array( 'KEY', 'SALT' ) as $second ) {
if ( ! defined( "{$first}_{$second}" ) )
continue;
$value = constant( "{$first}_{$second}" );
$duplicated_keys[ $value ] = isset( $duplicated_keys[ $value ] );
}
}
if ( ! empty( $wp_secret_key_default ) )
$duplicated_keys[ $wp_secret_key_default ] = true;
}
if ( defined('AUTH_SALT') && ('' != AUTH_SALT) && ( $wp_default_secret_key != AUTH_SALT) ) {
$salt = AUTH_SALT;
} elseif ( defined('SECRET_SALT') && ('' != SECRET_SALT) && ( $wp_default_secret_key != SECRET_SALT) ) {
$key = $salt = '';
if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) )
$key = SECRET_KEY;
if ( 'auth' == $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) )
$salt = SECRET_SALT;
} else {
$salt = get_site_option('auth_salt');
if ( empty($salt) ) {
$salt = wp_generate_password( 64, true, true );
update_site_option('auth_salt', $salt);
}
}
} elseif ( 'secure_auth' == $scheme ) {
if ( defined('SECURE_AUTH_KEY') && ('' != SECURE_AUTH_KEY) && ( $wp_default_secret_key != SECURE_AUTH_KEY) )
$secret_key = SECURE_AUTH_KEY;
if ( defined('SECURE_AUTH_SALT') && ('' != SECURE_AUTH_SALT) && ( $wp_default_secret_key != SECURE_AUTH_SALT) ) {
$salt = SECURE_AUTH_SALT;
} else {
$salt = get_site_option('secure_auth_salt');
if ( empty($salt) ) {
$salt = wp_generate_password( 64, true, true );
update_site_option('secure_auth_salt', $salt);
if ( in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ) ) ) {
foreach ( array( 'key', 'salt' ) as $type ) {
$const = strtoupper( "{$scheme}_{$type}" );
if ( defined( $const ) && constant( $const ) && empty( $duplicated_keys[ constant( $const ) ] ) ) {
$$type = constant( $const );
} elseif ( ! $$type ) {
$$type = get_site_option( "{$scheme}_{$type}" );
if ( ! $$type ) {
$$type = wp_generate_password( 64, true, true );
update_site_option( "{$scheme}_{$type}", $$type );
}
}
} elseif ( 'logged_in' == $scheme ) {
if ( defined('LOGGED_IN_KEY') && ('' != LOGGED_IN_KEY) && ( $wp_default_secret_key != LOGGED_IN_KEY) )
$secret_key = LOGGED_IN_KEY;
if ( defined('LOGGED_IN_SALT') && ('' != LOGGED_IN_SALT) && ( $wp_default_secret_key != LOGGED_IN_SALT) ) {
$salt = LOGGED_IN_SALT;
} else {
$salt = get_site_option('logged_in_salt');
if ( empty($salt) ) {
$salt = wp_generate_password( 64, true, true );
update_site_option('logged_in_salt', $salt);
}
}
} elseif ( 'nonce' == $scheme ) {
if ( defined('NONCE_KEY') && ('' != NONCE_KEY) && ( $wp_default_secret_key != NONCE_KEY) )
$secret_key = NONCE_KEY;
if ( defined('NONCE_SALT') && ('' != NONCE_SALT) && ( $wp_default_secret_key != NONCE_SALT) ) {
$salt = NONCE_SALT;
} else {
$salt = get_site_option('nonce_salt');
if ( empty($salt) ) {
$salt = wp_generate_password( 64, true, true );
update_site_option('nonce_salt', $salt);
}
}
} else {
// ensure each auth scheme has its own unique salt
$salt = hash_hmac('md5', $scheme, $secret_key);
if ( ! $key ) {
$key = get_site_option( 'secret_key' );
if ( ! $key ) {
$key = wp_generate_password( 64, true, true );
update_site_option( 'secret_key', $key );
}
}
$salt = hash_hmac( 'md5', $scheme, $key );
}
return apply_filters('salt', $secret_key . $salt, $scheme);
return apply_filters('salt', $key . $salt, $scheme);
}
endif;