wp_hash() and server secret.

git-svn-id: http://svn.automattic.com/wordpress/trunk@3810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-05-31 00:24:03 +00:00
parent 20b5e18fea
commit a50330dd45
4 changed files with 36 additions and 6 deletions

View File

@ -224,6 +224,10 @@ function populate_options() {
add_option('uploads_use_yearmonth_folders', 1);
add_option('upload_path', 'wp-content/uploads');
}
// 2.0.3
add_option('secret', md5(uniqid(microtime())));
// 2.1
add_option('blog_public', 1);
add_option('default_link_category', 2);

View File

@ -142,7 +142,7 @@ class WP_Object_Cache {
return false;
}
$cache_file = $this->cache_dir.$this->get_group_dir($group)."/".md5($id.DB_PASSWORD).'.php';
$cache_file = $this->cache_dir.$this->get_group_dir($group)."/".$this->hash($id).'.php';
if (!file_exists($cache_file)) {
$this->non_existant_objects[$group][$id] = true;
$this->cache_misses += 1;
@ -173,6 +173,18 @@ class WP_Object_Cache {
return "{$this->blog_id}/$group";
}
function hash($data) {
global $wp_server_secret;
if ( empty($wp_server_secret) )
$wp_server_secret = DB_PASSWORD;
if ( function_exists('hash_hmac') ) {
return hash_hmac('md5', $data, $wp_server_secret);
} else {
return md5($data . $wp_server_secret);
}
}
function load_group_from_db($group) {
global $wpdb;
@ -322,7 +334,7 @@ class WP_Object_Cache {
$ids = array_unique($ids);
foreach ($ids as $id) {
$cache_file = $group_dir.md5($id.DB_PASSWORD).'.php';
$cache_file = $group_dir.$this->hash($id).'.php';
// Remove the cache file if the key is not set.
if (!isset ($this->cache[$group][$id])) {
@ -414,7 +426,7 @@ class WP_Object_Cache {
if (defined('CACHE_EXPIRATION_TIME'))
$this->expiration_time = CACHE_EXPIRATION_TIME;
$this->blog_id = md5($blog_id);
$this->blog_id = $this->hash($blog_id);
}
}
?>

View File

@ -491,7 +491,7 @@ function wp_verify_nonce($nonce, $action = -1) {
$i = ceil(time() / 43200);
//Allow for expanding range, but only do one check if we can
if( substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) == $nonce || substr(md5(($i - 1) . DB_PASSWORD . $action . $uid), -12, 10) == $nonce )
if( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce )
return true;
return false;
}
@ -504,7 +504,21 @@ function wp_create_nonce($action = -1) {
$i = ceil(time() / 43200);
return substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10);
return substr(wp_hash($i . $action . $uid), -12, 10);
}
endif;
if ( !function_exists('wp_hash') ) :
function wp_hash($data) {
$secret = get_option('secret');
if ( empty($secret) )
$secret = DB_PASSWORD;
if ( function_exists('hash_hmac') ) {
return hash_hmac('md5', $data, $secret);
} else {
return md5($data . $secret);
}
}
endif;

View File

@ -3,6 +3,6 @@
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN
$wp_version = '2.1-alpha1';
$wp_db_version = 3797;
$wp_db_version = 3809;
?>