Don't use variable variables in `wp_salt()`.
See #27881. Built from https://develop.svn.wordpress.org/trunk@28741 git-svn-id: http://core.svn.wordpress.org/trunk@28555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
994ca59abd
commit
43bf7f271f
|
@ -1773,45 +1773,51 @@ function wp_salt( $scheme = 'auth' ) {
|
|||
$duplicated_keys = array( 'put your unique phrase here' => true );
|
||||
foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) {
|
||||
foreach ( array( 'KEY', 'SALT' ) as $second ) {
|
||||
if ( ! defined( "{$first}_{$second}" ) )
|
||||
if ( ! defined( "{$first}_{$second}" ) ) {
|
||||
continue;
|
||||
}
|
||||
$value = constant( "{$first}_{$second}" );
|
||||
$duplicated_keys[ $value ] = isset( $duplicated_keys[ $value ] );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$key = $salt = '';
|
||||
if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) )
|
||||
$key = SECRET_KEY;
|
||||
if ( 'auth' == $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) )
|
||||
$salt = SECRET_SALT;
|
||||
$values = array(
|
||||
'key' => '',
|
||||
'salt' => ''
|
||||
);
|
||||
if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) ) {
|
||||
$values['key'] = SECRET_KEY;
|
||||
}
|
||||
if ( 'auth' == $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) ) {
|
||||
$values['salt'] = SECRET_SALT;
|
||||
}
|
||||
|
||||
if ( in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ) ) ) {
|
||||
foreach ( array( 'key', 'salt' ) as $type ) {
|
||||
$const = strtoupper( "{$scheme}_{$type}" );
|
||||
if ( defined( $const ) && constant( $const ) && empty( $duplicated_keys[ constant( $const ) ] ) ) {
|
||||
$$type = constant( $const );
|
||||
} elseif ( ! $$type ) {
|
||||
$$type = get_site_option( "{$scheme}_{$type}" );
|
||||
if ( ! $$type ) {
|
||||
$$type = wp_generate_password( 64, true, true );
|
||||
update_site_option( "{$scheme}_{$type}", $$type );
|
||||
$values[ $type ] = constant( $const );
|
||||
} elseif ( ! $values[ $type ] ) {
|
||||
$values[ $type ] = get_site_option( "{$scheme}_{$type}" );
|
||||
if ( ! $values[ $type ] ) {
|
||||
$values[ $type ] = wp_generate_password( 64, true, true );
|
||||
update_site_option( "{$scheme}_{$type}", $values[ $type ] );
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if ( ! $key ) {
|
||||
$key = get_site_option( 'secret_key' );
|
||||
if ( ! $key ) {
|
||||
$key = wp_generate_password( 64, true, true );
|
||||
update_site_option( 'secret_key', $key );
|
||||
if ( ! $values['key'] ) {
|
||||
$values['key'] = get_site_option( 'secret_key' );
|
||||
if ( ! $values['key'] ) {
|
||||
$values['key'] = wp_generate_password( 64, true, true );
|
||||
update_site_option( 'secret_key', $values['key'] );
|
||||
}
|
||||
}
|
||||
$salt = hash_hmac( 'md5', $scheme, $key );
|
||||
$values['salt'] = hash_hmac( 'md5', $scheme, $values['key'] );
|
||||
}
|
||||
|
||||
$cached_salts[ $scheme ] = $key . $salt;
|
||||
$cached_salts[ $scheme ] = $values['key'] . $values['salt'];
|
||||
|
||||
/** This filter is documented in wp-includes/pluggable.php */
|
||||
return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme );
|
||||
|
|
Loading…
Reference in New Issue