Fall back to wp_generate_password() in setup-config.php if HTTPS request for secret keys fails. Also use pretty link to secret-key API, see #12159

git-svn-id: http://svn.automattic.com/wordpress/trunk@13133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
nacin 2010-02-14 02:47:45 +00:00
parent cfa428b8d2
commit 5871a56009
3 changed files with 23 additions and 9 deletions


@ -16,6 +16,11 @@
*/ */
define('WP_INSTALLING', true); define('WP_INSTALLING', true);
/**
* We are blissfully unaware of anything.
*/
define('WP_SETUP_CONFIG', true);
/** /**
* Disable error reporting * Disable error reporting
* *
@ -179,11 +184,17 @@ switch($step) {
} }
/**#@-*/ /**#@-*/
$secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/?salt=1' ); $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
if ( is_wp_error( $secret_keys ) ) if ( is_wp_error( $secret_keys ) ) {
$secret_keys = false; $secret_keys = array();
else require_once( ABSPATH . WPINC . '/pluggable.php' );
for ( $i = 0; $i < 8; $i++ )
$secret_keys[] = wp_generate_password( 64 );
} else {
$secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) ); $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
foreach ( $secret_keys as $k => $v )
$secret_keys[$k] = substr( $v, 28, 64 );
}
$key = 0; $key = 0;
foreach ($configFile as $line_num => $line) { foreach ($configFile as $line_num => $line) {
@ -211,8 +222,7 @@ switch($step) {
case "define('SECURE_A": case "define('SECURE_A":
case "define('LOGGED_I": case "define('LOGGED_I":
case "define('NONCE_SA": case "define('NONCE_SA":
if ( $secret_keys ) $configFile[$line_num] = str_replace('put your unique phrase here', $secret_keys[$key++], $line );
$configFile[$line_num] = str_replace('put your unique phrase here', substr( $secret_keys[$key++], 28, 64 ), $line );
break; break;
} }
} }
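Review bot: The fallback in the second hunk runs only when `wp_remote_get()` returns a WP_Error, so a non-200 reply or a truncated or unexpected body still goes through `explode()` and `substr( $v, 28, 64 )` and can leave empty or missing entries in `$secret_keys`. Because the third hunk drops the `if ( $secret_keys )` guard, those entries are then written into the config file as the keys and salts. I would treat anything other than a 200 response carrying eight 64-character values as a failure and generate all keys locally, as sketched below. Separately, the locally generated keys appear to come from `wp_rand()`, which under `WP_SETUP_CONFIG` (changed later in this commit) starts from an empty seed and mixes only `microtime()`, `mt_rand()` and `uniqid()`; a comment noting that these keys are weaker than the API-issued ones would help. The enclosing `switch($step)` case starts and ends outside these hunks.

```php
$response    = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
$secret_keys = array();
if ( ! is_wp_error( $response ) && 200 == wp_remote_retrieve_response_code( $response ) ) {
	foreach ( explode( "\n", wp_remote_retrieve_body( $response ) ) as $v ) {
		$v = substr( $v, 28, 64 );
		// Keep only lines that yield a full-length key.
		if ( 64 == strlen( $v ) )
			$secret_keys[] = $v;
	}
}
if ( count( $secret_keys ) < 8 ) {
	// API unreachable or response malformed: generate every key locally.
	$secret_keys = array();
	require_once( ABSPATH . WPINC . '/pluggable.php' );
	for ( $i = 0; $i < 8; $i++ )
		$secret_keys[] = wp_generate_password( 64 );
}
// … unchanged: $key = 0; and the foreach over $configFile …
```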


@ -37,7 +37,7 @@ define('DB_COLLATE', '');
* Authentication Unique Keys and Salts. * Authentication Unique Keys and Salts.
* *
* Change these to different unique phrases! * Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/?salt=1 WordPress.org secret-key service} * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
* *
* @since 2.6.0 * @since 2.6.0


@ -1495,12 +1495,16 @@ function wp_rand( $min = 0, $max = 0 ) {
// Reset $rnd_value after 14 uses // Reset $rnd_value after 14 uses
// 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
if ( strlen($rnd_value) < 8 ) { if ( strlen($rnd_value) < 8 ) {
$seed = get_transient('random_seed'); if ( defined( 'WP_SETUP_CONFIG' ) )
static $seed = '';
else
$seed = get_transient('random_seed');
$rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed ); $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
$rnd_value .= sha1($rnd_value); $rnd_value .= sha1($rnd_value);
$rnd_value .= sha1($rnd_value . $seed); $rnd_value .= sha1($rnd_value . $seed);
$seed = md5($seed . $rnd_value); $seed = md5($seed . $rnd_value);
set_transient('random_seed', $seed); if ( ! defined( 'WP_SETUP_CONFIG' ) )
set_transient('random_seed', $seed);
} }
// Take the first 8 digits for our value // Take the first 8 digits for our value