wp_hash(), wp_salt(), and server secret.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3813 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
97acdb6f44
commit
22fd6e5d14
|
@ -229,6 +229,9 @@ function populate_options() {
|
|||
add_option('uploads_use_yearmonth_folders', 1);
|
||||
add_option('upload_path', 'wp-content/uploads');
|
||||
}
|
||||
|
||||
// 2.0.3
|
||||
add_option('secret', md5(uniqid(microtime())));
|
||||
|
||||
// Delete unused options
|
||||
$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog');
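Review bot: The new `secret` option is seeded from `md5(uniqid(microtime()))`, and both inputs come from the server clock, so the value carries far less entropy than its 32 hex characters suggest. This commit makes that option the key behind `wp_salt()` and therefore the nonces, so I would mix in a source that is not clock-derived, for example `add_option('secret', md5(uniqid(mt_rand(), true) . microtime() . DB_PASSWORD));`, or a CSPRNG where the runtime provides one. A one-line comment stating that the value is generated once and must stay private would also help. The enclosing function starts and ends outside the hunk.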
|
||||
|
|
|
@ -64,6 +64,7 @@ class WP_Object_Cache {
|
|||
var $cold_cache_hits = 0;
|
||||
var $warm_cache_hits = 0;
|
||||
var $cache_misses = 0;
|
||||
var $secret = '';
|
||||
|
||||
function acquire_lock() {
|
||||
// Acquire a write lock.
|
||||
|
@ -142,7 +143,7 @@ class WP_Object_Cache {
|
|||
return false;
|
||||
}
|
||||
|
||||
$cache_file = $this->cache_dir.$this->get_group_dir($group)."/".md5($id.DB_PASSWORD).'.php';
|
||||
$cache_file = $this->cache_dir.$this->get_group_dir($group)."/".$this->hash($id).'.php';
|
||||
if (!file_exists($cache_file)) {
|
||||
$this->non_existant_objects[$group][$id] = true;
|
||||
$this->cache_misses += 1;
|
||||
|
@ -173,6 +174,14 @@ class WP_Object_Cache {
|
|||
return "{$this->blog_id}/$group";
|
||||
}
|
||||
|
||||
function hash($data) {
|
||||
if ( function_exists('hash_hmac') ) {
|
||||
return hash_hmac('md5', $data, $this->secret);
|
||||
} else {
|
||||
return md5($data . $this->secret);
|
||||
}
|
||||
}
|
||||
|
||||
function load_group_from_db($group) {
|
||||
global $wpdb;
|
||||
|
||||
|
@ -332,7 +341,7 @@ class WP_Object_Cache {
|
|||
|
||||
$ids = array_unique($ids);
|
||||
foreach ($ids as $id) {
|
||||
$cache_file = $group_dir.md5($id.DB_PASSWORD).'.php';
|
||||
$cache_file = $group_dir.$this->hash($id).'.php';
|
||||
|
||||
// Remove the cache file if the key is not set.
|
||||
if (!isset ($this->cache[$group][$id])) {
|
||||
|
@ -424,7 +433,12 @@ class WP_Object_Cache {
|
|||
if (defined('CACHE_EXPIRATION_TIME'))
|
||||
$this->expiration_time = CACHE_EXPIRATION_TIME;
|
||||
|
||||
$this->blog_id = md5($blog_id);
|
||||
if ( defined('WP_SECRET') )
|
||||
$this->secret = WP_SECRET;
|
||||
else
|
||||
$this->secret = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
|
||||
|
||||
$this->blog_id = $this->hash($blog_id);
|
||||
}
|
||||
}
|
||||
?>
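Review bot: When `WP_SECRET` is not defined, the constructor still builds `$this->secret` from `DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH`, and nothing visible in this commit defines that constant, so a default install keeps keying cache file names on database credentials. The cache also ignores the `secret` option that `wp_salt()` reads, so the site ends up with two independent secret sources. A comment above the `if ( defined('WP_SECRET') )` branch should say why (presumably the cache is constructed before options can be read; confirm) and that `WP_SECRET` is meant to be set in the config file. The `md5($data . $this->secret)` fallback in `hash()` is a plain secret-suffix hash rather than an HMAC, which deserves a one-line comment too. Because the hashed `blog_id` and the file names both change, cache files written under the old names are presumably left on disk and may need a one-time cleanup.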
|
||||
|
|
|
@ -488,7 +488,7 @@ function wp_verify_nonce($nonce, $action = -1) {
|
|||
$i = ceil(time() / 43200);
|
||||
|
||||
//Allow for expanding range, but only do one check if we can
|
||||
if( substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) == $nonce || substr(md5(($i - 1) . DB_PASSWORD . $action . $uid), -12, 10) == $nonce )
|
||||
if( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce )
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
|
@ -501,7 +501,29 @@ function wp_create_nonce($action = -1) {
|
|||
|
||||
$i = ceil(time() / 43200);
|
||||
|
||||
return substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10);
|
||||
return substr(wp_hash($i . $action . $uid), -12, 10);
|
||||
}
|
||||
endif;
|
||||
|
||||
if ( !function_exists('wp_salt') ) :
|
||||
function wp_salt() {
|
||||
$salt = get_option('secret');
|
||||
if ( empty($salt) )
|
||||
$salt = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
|
||||
|
||||
return $salt;
|
||||
}
|
||||
endif;
|
||||
|
||||
if ( !function_exists('wp_hash') ) :
|
||||
function wp_hash($data) {
|
||||
$salt = wp_salt();
|
||||
|
||||
if ( function_exists('hash_hmac') ) {
|
||||
return hash_hmac('md5', $data, $salt);
|
||||
} else {
|
||||
return md5($data . $salt);
|
||||
}
|
||||
}
|
||||
endif;
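Review bot: The rewritten check in `wp_verify_nonce()` still compares the expected value to `$nonce` with `==`, and PHP's loose comparison treats two numeric-looking strings as numbers, so different strings can compare equal. Use a strict comparison on both sides, `if ( substr(wp_hash($i . $action . $uid), -12, 10) === $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) === $nonce )`, or a constant-time comparison such as `hash_equals()` where the PHP version provides it. The fallback in `wp_salt()` to the concatenated database constants when the `secret` option is empty should carry a comment saying this path is only expected before the upgrade routine has stored the option. Both `wp_verify_nonce()` and `wp_create_nonce()` begin outside their hunks.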
|
||||
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN
|
||||
|
||||
$wp_version = '2.0.3-beta';
|
||||
$wp_db_version = 3796;
|
||||
$wp_db_version = 3310;
|
||||
|
||||
?>
|
||||
|
|