Ticket #35290: 35290.2.diff
| File 35290.2.diff, 1.8 KB (added by , 10 years ago) |
|---|
-
wp-admin/setup-config.php
276 276 if ( ! empty( $wpdb->error ) ) 277 277 wp_die( $wpdb->error->get_error_message() . $tryagain_link ); 278 278 279 // Fetch or generate keys and salts. 280 $no_api = isset( $_POST['noapi'] ); 281 if ( ! $no_api ) { 282 $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' ); 283 } 284 285 if ( $no_api || is_wp_error( $secret_keys ) ) { 286 $secret_keys = array(); 279 // Generate keys and salts using secure CSPRNG; fallback to API if enabled; further fallback to original wp_generate_password(). 280 try { 281 $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|'; 282 $max = strlen($chars) - 1; 287 283 for ( $i = 0; $i < 8; $i++ ) { 288 $secret_keys[] = wp_generate_password( 64, true, true ); 284 $key = ''; 285 for ( $j = 0; $j < 64; $j++ ) { 286 $key .= substr( $chars, random_int( 0, $max ), 1 ); 287 } 288 $secret_keys[] = $key; 289 289 } 290 } else { 291 $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) ); 292 foreach ( $secret_keys as $k => $v ) { 293 $secret_keys[$k] = substr( $v, 28, 64 ); 290 } catch (Exception $ex) { 291 $no_api = isset( $_POST['noapi'] ); 292 293 if ( ! $no_api ) { 294 $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' ); 294 295 } 296 297 if ( $no_api || is_wp_error( $secret_keys ) ) { 298 $secret_keys = array(); 299 for ( $i = 0; $i < 8; $i++ ) { 300 $secret_keys[] = wp_generate_password( 64, true, true ); 301 } 302 } else { 303 $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) ); 304 foreach ( $secret_keys as $k => $v ) { 305 $secret_keys[$k] = substr( $v, 28, 64 ); 306 } 307 } 295 308 } 296 309 297 310 $key = 0;