WordPress.org

Make WordPress Core

Changeset 13133


Ignore:
Timestamp:
02/14/10 02:47:45 (4 years ago)
Author:
nacin
Message:

Fall back to wp_generate_password() in setup-config.php if HTTPS request for secret keys fails. Also use pretty link to secret-key API, see #12159

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/setup-config.php

    r13042 r13133  
    1616 */ 
    1717define('WP_INSTALLING', true); 
     18 
     19/** 
     20 * We are blissfully unaware of anything. 
     21 */ 
     22define('WP_SETUP_CONFIG', true); 
    1823 
    1924/** 
     
    180185    /**#@-*/ 
    181186 
    182     $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/?salt=1' ); 
    183     if ( is_wp_error( $secret_keys ) ) 
    184         $secret_keys = false; 
    185     else 
     187    $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' ); 
     188    if ( is_wp_error( $secret_keys ) ) { 
     189        $secret_keys = array(); 
     190        require_once( ABSPATH . WPINC . '/pluggable.php' ); 
     191        for ( $i = 0; $i < 8; $i++ ) 
     192            $secret_keys[] = wp_generate_password( 64 ); 
     193    } else { 
    186194        $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) ); 
     195        foreach ( $secret_keys as $k => $v ) 
     196            $secret_keys[$k] = substr( $v, 28, 64 ); 
     197    } 
    187198    $key = 0; 
    188199 
     
    212223            case "define('LOGGED_I": 
    213224            case "define('NONCE_SA": 
    214                 if ( $secret_keys ) 
    215                     $configFile[$line_num] = str_replace('put your unique phrase here', substr( $secret_keys[$key++], 28, 64 ), $line ); 
     225                $configFile[$line_num] = str_replace('put your unique phrase here', $secret_keys[$key++], $line ); 
    216226                break; 
    217227        } 
  • trunk/wp-config-sample.php

    r13026 r13133  
    3838 * 
    3939 * Change these to different unique phrases! 
    40  * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/?salt=1 WordPress.org secret-key service} 
     40 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} 
    4141 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. 
    4242 * 
  • trunk/wp-includes/pluggable.php

    r13093 r13133  
    14961496    // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value 
    14971497    if ( strlen($rnd_value) < 8 ) { 
    1498         $seed = get_transient('random_seed'); 
     1498        if ( defined( 'WP_SETUP_CONFIG' ) ) 
     1499            static $seed = ''; 
     1500        else 
     1501            $seed = get_transient('random_seed'); 
    14991502        $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed ); 
    15001503        $rnd_value .= sha1($rnd_value); 
    15011504        $rnd_value .= sha1($rnd_value . $seed); 
    15021505        $seed = md5($seed . $rnd_value); 
    1503         set_transient('random_seed', $seed); 
     1506        if ( ! defined( 'WP_SETUP_CONFIG' ) ) 
     1507            set_transient('random_seed', $seed); 
    15041508    } 
    15051509 
Note: See TracChangeset for help on using the changeset viewer.