WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Setup config: Generate the default secret keys & salts from the local CSPRNG if available, falling back to the WordPress.org API and a backup psuedo random source. 

Props diddledan.
Fixes #35290

Built from https://develop.svn.wordpress.org/trunk@36872


git-svn-id: http://core.svn.wordpress.org/trunk@36839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dion Hulse 2016-03-07 06:32:29 +00:00
parent f4ef187c2c
commit cbda43788b
2 changed files with 27 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
wp-admin/setup-config.php
View File

@ -276,21 +276,34 @@ switch($step) {
if ( ! empty( $wpdb->error ) )
wp_die( $wpdb->error->get_error_message() . $tryagain_link );
// Fetch or generate keys and salts.
$no_api = isset( $_POST['noapi'] );
if ( ! $no_api ) {
$secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
}
if ( $no_api || is_wp_error( $secret_keys ) ) {
$secret_keys = array();
// Generate keys and salts using secure CSPRNG; fallback to API if enabled; further fallback to original wp_generate_password().
try {
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|';
$max = strlen($chars) - 1;
for ( $i = 0; $i < 8; $i++ ) {
$secret_keys[] = wp_generate_password( 64, true, true );
$key = '';
for ( $j = 0; $j < 64; $j++ ) {
$key .= substr( $chars, random_int( 0, $max ), 1 );
}
$secret_keys[] = $key;
}
} else {
$secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
foreach ( $secret_keys as $k => $v ) {
$secret_keys[$k] = substr( $v, 28, 64 );
} catch ( Exception $ex ) {
$no_api = isset( $_POST['noapi'] );
if ( ! $no_api ) {
$secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
}
if ( $no_api || is_wp_error( $secret_keys ) ) {
$secret_keys = array();
for ( $i = 0; $i < 8; $i++ ) {
$secret_keys[] = wp_generate_password( 64, true, true );
}
} else {
$secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
foreach ( $secret_keys as $k => $v ) {
$secret_keys[$k] = substr( $v, 28, 64 );
}
}
}

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.5-beta2-36871';
$wp_version = '4.5-beta2-36872';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.