Introduce NONCE_SALT and NONCE_KEY
git-svn-id: http://svn.automattic.com/wordpress/trunk@10120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
12158b4e26
commit
0f927649f8
|
@ -44,6 +44,7 @@ define('DB_COLLATE', '');
|
||||||
define('AUTH_KEY', 'put your unique phrase here');
|
define('AUTH_KEY', 'put your unique phrase here');
|
||||||
define('SECURE_AUTH_KEY', 'put your unique phrase here');
|
define('SECURE_AUTH_KEY', 'put your unique phrase here');
|
||||||
define('LOGGED_IN_KEY', 'put your unique phrase here');
|
define('LOGGED_IN_KEY', 'put your unique phrase here');
|
||||||
|
define('NONCE_KEY', 'put your unique phrase here');
|
||||||
/**#@-*/
|
/**#@-*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
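Review bot: Only `NONCE_KEY` is added to the key block here, while the `wp_salt` change in the same commit also reads a `NONCE_SALT` constant that this hunk never mentions. When that constant is undefined, the visible code generates a salt and persists it with `update_option('nonce_salt', $salt)`, so the salt ends up stored in the database next to the data it is meant to protect. If that fallback is intended, a short comment beside the keys would make the option discoverable, for example `// Optional: define NONCE_SALT to keep the nonce salt out of the database.`; otherwise add a matching `define('NONCE_SALT', ...)` placeholder line.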
@ -1159,10 +1159,10 @@ function wp_verify_nonce($nonce, $action = -1) {
|
||||||
$i = wp_nonce_tick();
|
$i = wp_nonce_tick();
|
||||||
|
|
||||||
// Nonce generated 0-12 hours ago
|
// Nonce generated 0-12 hours ago
|
||||||
if ( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce )
|
if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) == $nonce )
|
||||||
return 1;
|
return 1;
|
||||||
// Nonce generated 12-24 hours ago
|
// Nonce generated 12-24 hours ago
|
||||||
if ( substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce )
|
if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) == $nonce )
|
||||||
return 2;
|
return 2;
|
||||||
// Invalid nonce
|
// Invalid nonce
|
||||||
return false;
|
return false;
|
||||||
|
@ -1184,7 +1184,7 @@ function wp_create_nonce($action = -1) {
|
||||||
|
|
||||||
$i = wp_nonce_tick();
|
$i = wp_nonce_tick();
|
||||||
|
|
||||||
return substr(wp_hash($i . $action . $uid), -12, 10);
|
return substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10);
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
|
@ -1272,6 +1272,19 @@ function wp_salt($scheme = 'auth') {
|
||||||
update_option('logged_in_salt', $salt);
|
update_option('logged_in_salt', $salt);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} elseif ( 'nonce' == $scheme ) {
|
||||||
|
if ( defined('NONCE_KEY') && ('' != NONCE_KEY) && ( $wp_default_secret_key != NONCE_KEY) )
|
||||||
|
$secret_key = NONCE_KEY;
|
||||||
|
|
||||||
|
if ( defined('NONCE_SALT') ) {
|
||||||
|
$salt = NONCE_SALT;
|
||||||
|
} else {
|
||||||
|
$salt = get_option('nonce_salt');
|
||||||
|
if ( empty($salt) ) {
|
||||||
|
$salt = wp_generate_password();
|
||||||
|
update_option('nonce_salt', $salt);
|
||||||
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
// ensure each auth scheme has its own unique salt
|
// ensure each auth scheme has its own unique salt
|
||||||
$salt = hash_hmac('md5', $scheme, $secret_key);
|
$salt = hash_hmac('md5', $scheme, $secret_key);
|
||||||
|
|
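Review bot: Both checks in the `wp_verify_nonce` hunk still compare the computed value to the caller-supplied `$nonce` with loose `==`, which PHP evaluates numerically when both operands look like numbers, so two different numeric-looking strings can be treated as equal; the comparison is also not constant-time. Since these two lines are being rewritten anyway, compute the expected string for each tick into a variable and compare it strictly, `if ( $expected === (string) $nonce ) return 1;`, or use `hash_equals( $expected, (string) $nonce )` where the supported PHP version provides it. The new `'nonce'` branch in `wp_salt` uses the same loose operators (`'' != NONCE_KEY`, `$wp_default_secret_key != NONCE_KEY`) and would benefit from `!==` as well. The body of `wp_verify_nonce` starts outside the hunk, so how `$uid` and `$nonce` are prepared before these lines is not visible here.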