Changeset 10120 for trunk/wp-includes/pluggable.php

Timestamp:

12/07/2008 09:31:13 PM (16 years ago)

Author:

ryan

Message:

Introduce NONCE_SALT and NONCE_KEY

File:

• trunk/wp-includes/pluggable.php (modified) (3 diffs)

trunk/wp-includes/pluggable.php

@@ -1160 +1160 @@
 
     // Nonce generated 0-12 hours ago
-    if ( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce )
+    if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) == $nonce )
         return 1;
     // Nonce generated 12-24 hours ago
-    if ( substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce )
+    if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) == $nonce )
         return 2;
     // Invalid nonce
@@ -1185 +1185 @@
     $i = wp_nonce_tick();
 
-    return substr(wp_hash($i . $action . $uid), -12, 10);
+    return substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10);
 }
 endif;
@@ -1273 +1273 @@
             }
         }
+    } elseif ( 'nonce' == $scheme ) {
+        if ( defined('NONCE_KEY') && ('' != NONCE_KEY) && ( $wp_default_secret_key != NONCE_KEY) )
+            $secret_key = NONCE_KEY;
+
+        if ( defined('NONCE_SALT') ) {
+            $salt = NONCE_SALT;
+        } else {
+            $salt = get_option('nonce_salt');
+            if ( empty($salt) ) {
+                $salt = wp_generate_password();
+                update_option('nonce_salt', $salt);
+            }
+        }
     } else {
         // ensure each auth scheme has its own unique salt