wp_hash() and server secret.

git-svn-id: http://svn.automattic.com/wordpress/trunk@3810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-05-31 00:24:03 +00:00
parent 20b5e18fea
commit a50330dd45
4 changed files with 36 additions and 6 deletions

View File

@ -224,6 +224,10 @@ function populate_options() {
add_option('uploads_use_yearmonth_folders', 1); add_option('uploads_use_yearmonth_folders', 1);
add_option('upload_path', 'wp-content/uploads'); add_option('upload_path', 'wp-content/uploads');
} }
// 2.0.3
add_option('secret', md5(uniqid(microtime())));
// 2.1 // 2.1
add_option('blog_public', 1); add_option('blog_public', 1);
add_option('default_link_category', 2); add_option('default_link_category', 2);

View File

@ -142,7 +142,7 @@ class WP_Object_Cache {
return false; return false;
} }
$cache_file = $this->cache_dir.$this->get_group_dir($group)."/".md5($id.DB_PASSWORD).'.php'; $cache_file = $this->cache_dir.$this->get_group_dir($group)."/".$this->hash($id).'.php';
if (!file_exists($cache_file)) { if (!file_exists($cache_file)) {
$this->non_existant_objects[$group][$id] = true; $this->non_existant_objects[$group][$id] = true;
$this->cache_misses += 1; $this->cache_misses += 1;
@ -173,6 +173,18 @@ class WP_Object_Cache {
return "{$this->blog_id}/$group"; return "{$this->blog_id}/$group";
} }
function hash($data) {
global $wp_server_secret;
if ( empty($wp_server_secret) )
$wp_server_secret = DB_PASSWORD;
if ( function_exists('hash_hmac') ) {
return hash_hmac('md5', $data, $wp_server_secret);
} else {
return md5($data . $wp_server_secret);
}
}
function load_group_from_db($group) { function load_group_from_db($group) {
global $wpdb; global $wpdb;
@ -322,7 +334,7 @@ class WP_Object_Cache {
$ids = array_unique($ids); $ids = array_unique($ids);
foreach ($ids as $id) { foreach ($ids as $id) {
$cache_file = $group_dir.md5($id.DB_PASSWORD).'.php'; $cache_file = $group_dir.$this->hash($id).'.php';
// Remove the cache file if the key is not set. // Remove the cache file if the key is not set.
if (!isset ($this->cache[$group][$id])) { if (!isset ($this->cache[$group][$id])) {
@ -414,7 +426,7 @@ class WP_Object_Cache {
if (defined('CACHE_EXPIRATION_TIME')) if (defined('CACHE_EXPIRATION_TIME'))
$this->expiration_time = CACHE_EXPIRATION_TIME; $this->expiration_time = CACHE_EXPIRATION_TIME;
$this->blog_id = md5($blog_id); $this->blog_id = $this->hash($blog_id);
} }
} }
?> ?>

View File

@ -491,7 +491,7 @@ function wp_verify_nonce($nonce, $action = -1) {
$i = ceil(time() / 43200); $i = ceil(time() / 43200);
//Allow for expanding range, but only do one check if we can //Allow for expanding range, but only do one check if we can
if( substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) == $nonce || substr(md5(($i - 1) . DB_PASSWORD . $action . $uid), -12, 10) == $nonce ) if( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce )
return true; return true;
return false; return false;
} }
@ -504,7 +504,21 @@ function wp_create_nonce($action = -1) {
$i = ceil(time() / 43200); $i = ceil(time() / 43200);
return substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10); return substr(wp_hash($i . $action . $uid), -12, 10);
}
endif;
if ( !function_exists('wp_hash') ) :
function wp_hash($data) {
$secret = get_option('secret');
if ( empty($secret) )
$secret = DB_PASSWORD;
if ( function_exists('hash_hmac') ) {
return hash_hmac('md5', $data, $secret);
} else {
return md5($data . $secret);
}
} }
endif; endif;

View File

@ -3,6 +3,6 @@
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN // This just holds the version number, in a separate file so we can bump it without cluttering the SVN
$wp_version = '2.1-alpha1'; $wp_version = '2.1-alpha1';
$wp_db_version = 3797; $wp_db_version = 3809;
?> ?>