Make WordPress Core

Ticket #14803: 14803.diff

File 14803.diff, 1.8 KB (added by coffee2code, 14 years ago)

Patch mentioned in ticket.

  • wp-admin/includes/ms.php

     
    571571
    572572/* Warn the admin if SECRET SALT information is missing from wp-config.php */
    573573function secret_salt_warning() {
     574        global $wp_default_secret_key;
    574575        if ( !is_super_admin() )
    575576                return;
    576577        $secret_keys = array( 'AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT' );
    577578        $out = '';
     579        $default = array();
    578580        foreach( $secret_keys as $key ) {
    579581                if ( ! defined( $key ) )
    580582                        $out .= "define( '$key', '" . esc_html( wp_generate_password( 64, true, true ) ) . "' );<br />";
     583                elseif ( $wp_default_secret_key == constant( $key ) || '' == constant( $key ) )
     584                        $default[] = $key;
    581585        }
    582586        if ( $out != '' ) {
    583587                $msg  = __( 'Warning! WordPress encrypts user cookies, but you must add the following lines to <strong>wp-config.php</strong> for it to be more secure.' );
     
    586590
    587591                echo "<div class='update-nag'>$msg</div>";
    588592        }
     593        if ( !empty( $default ) ) {
     594                $msg = __( 'Warning! WordPress encrypts user cookies, but in order to take advantage of that security you must supply custom values for the authentication keys and salts.' ) . '<br />';
     595                $msg .= sprintf( __( 'You can generate secure values at the <a href="%s" title="WordPress.org secret key service">WordPress.org secret key service</a> site. ' ), 'https://api.wordpress.org/secret-key/1.1/salt/' ) . '<br />';
     596                $msg .= sprintf( __( 'The following authentication keys/salts are using the default string or are blank in wp-config.php: %s' ), implode( ', ', $default ) );
     597
     598                echo "<div class='update-nag'>$msg</div>";
     599        }
    589600}
    590601add_action( 'admin_notices', 'secret_salt_warning' );
    591602