Security: Salting functions: translate the phrase "put your unique phrase here".

In `wp_salt()` WordPress pre-populates the check for duplicate salt values with the default put your unique phrase here. As the `wp-config.php file` for non-en_US can be translated in downloaded packages, a translated version of this phrase ought to be in the pre-populated duplicate values array too. Props peterwilsoncc, SergeyBiryukov, whaze, costdev, audrasjb. Fixes #55937. Built from https://develop.svn.wordpress.org/trunk@54249 git-svn-id: http://core.svn.wordpress.org/trunk@53808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-20 11:57:20 +00:00 · 2022-09-20 11:57:20 +00:00 · 06cb9d7691
parent 85cb9e4963
commit 06cb9d7691
4 changed files with 12 additions and 4 deletions
--- a/wp-admin/maint/repair.php
+++ b/wp-admin/maint/repair.php
@ -37,7 +37,7 @@ if ( ! defined( 'WP_ALLOW_REPAIR' ) || ! WP_ALLOW_REPAIR ) {
 	);
 	echo "</p><p><code>define('WP_ALLOW_REPAIR', true);</code></p>";

-	$default_key     = 'put your unique phrase here';
+	$default_key     = __( 'put your unique phrase here' );
 	$missing_key     = false;
 	$duplicated_keys = array();

--- a/wp-includes/class-wp-recovery-mode-cookie-service.php
+++ b/wp-includes/class-wp-recovery-mode-cookie-service.php
@ -198,7 +198,7 @@ final class WP_Recovery_Mode_Cookie_Service {
 	 * @return string|false The hashed $data, or false on failure.
 	 */
 	private function recovery_mode_hash( $data ) {
-		if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === 'put your unique phrase here' ) {
+		if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === __( 'put your unique phrase here' ) ) {
 			$auth_key = get_site_option( 'recovery_mode_auth_key' );

 			if ( ! $auth_key ) {
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@ -2408,7 +2408,15 @@ if ( ! function_exists( 'wp_salt' ) ) :

 		static $duplicated_keys;
 		if ( null === $duplicated_keys ) {
-			$duplicated_keys = array( 'put your unique phrase here' => true );
+			$duplicated_keys = array(
+				'put your unique phrase here'       => true,
+				/*
+				 * translators: This string should only be translated if wp-config-sample.php is localized.
+				 * You can check the localized release package or
+				 * https://i18n.svn.wordpress.org/<locale code>/branches/<wp version>/dist/wp-config-sample.php
+				 */
+				__( 'put your unique phrase here' ) => true,
+			);
 			foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) {
 				foreach ( array( 'KEY', 'SALT' ) as $second ) {
 					if ( ! defined( "{$first}_{$second}" ) ) {
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.1-alpha-54248';
+$wp_version = '6.1-alpha-54249';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.