Make WordPress Core

Changeset 13133


Ignore:
Timestamp:
02/14/2010 02:47:45 AM (15 years ago)
Author:
nacin
Message:

Fall back to wp_generate_password() in setup-config.php if HTTPS request for secret keys fails. Also use pretty link to secret-key API, see #12159

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/setup-config.php

    r13042 r13133  
    1616 */
    1717define('WP_INSTALLING', true);
     18
     19/**
     20 * We are blissfully unaware of anything.
     21 */
     22define('WP_SETUP_CONFIG', true);
    1823
    1924/**
     
    180185    /**#@-*/
    181186
    182     $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/?salt=1' );
    183     if ( is_wp_error( $secret_keys ) )
    184         $secret_keys = false;
    185     else
     187    $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
     188    if ( is_wp_error( $secret_keys ) ) {
     189        $secret_keys = array();
     190        require_once( ABSPATH . WPINC . '/pluggable.php' );
     191        for ( $i = 0; $i < 8; $i++ )
     192            $secret_keys[] = wp_generate_password( 64 );
     193    } else {
    186194        $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
     195        foreach ( $secret_keys as $k => $v )
     196            $secret_keys[$k] = substr( $v, 28, 64 );
     197    }
    187198    $key = 0;
    188199
     
    212223            case "define('LOGGED_I":
    213224            case "define('NONCE_SA":
    214                 if ( $secret_keys )
    215                     $configFile[$line_num] = str_replace('put your unique phrase here', substr( $secret_keys[$key++], 28, 64 ), $line );
     225                $configFile[$line_num] = str_replace('put your unique phrase here', $secret_keys[$key++], $line );
    216226                break;
    217227        }
  • trunk/wp-config-sample.php

    r13026 r13133  
    3838 *
    3939 * Change these to different unique phrases!
    40  * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/?salt=1 WordPress.org secret-key service}
     40 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
    4141 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
    4242 *
  • trunk/wp-includes/pluggable.php

    r13093 r13133  
    14961496    // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
    14971497    if ( strlen($rnd_value) < 8 ) {
    1498         $seed = get_transient('random_seed');
     1498        if ( defined( 'WP_SETUP_CONFIG' ) )
     1499            static $seed = '';
     1500        else
     1501            $seed = get_transient('random_seed');
    14991502        $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
    15001503        $rnd_value .= sha1($rnd_value);
    15011504        $rnd_value .= sha1($rnd_value . $seed);
    15021505        $seed = md5($seed . $rnd_value);
    1503         set_transient('random_seed', $seed);
     1506        if ( ! defined( 'WP_SETUP_CONFIG' ) )
     1507            set_transient('random_seed', $seed);
    15041508    }
    15051509
Note: See TracChangeset for help on using the changeset viewer.