WordPress.org

Make WordPress Core

Changeset 13137


Ignore:
Timestamp:
02/14/10 04:06:30 (4 years ago)
Author:
nacin
Message:

Use an expanded special character set when generating auth keys and salts via wp_generate_password(). Props sivel, see #12159

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/schema.php

    r13070 r13137  
    266266 
    267267    // 2.0.3 
    268     'secret' => wp_generate_password(64), 
     268    'secret' => wp_generate_password( 64, true, true ), 
    269269 
    270270    // 2.1 
  • trunk/wp-admin/setup-config.php

    r13133 r13137  
    190190        require_once( ABSPATH . WPINC . '/pluggable.php' ); 
    191191        for ( $i = 0; $i < 8; $i++ ) 
    192             $secret_keys[] = wp_generate_password( 64 ); 
     192            $secret_keys[] = wp_generate_password( 64, true, true ); 
    193193    } else { 
    194194        $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) ); 
  • trunk/wp-includes/pluggable.php

    r13133 r13137  
    13091309            $salt = get_option('auth_salt'); 
    13101310            if ( empty($salt) ) { 
    1311                 $salt = wp_generate_password(64); 
     1311                $salt = wp_generate_password( 64, true, true ); 
    13121312                update_option('auth_salt', $salt); 
    13131313            } 
     
    13221322            $salt = get_option('secure_auth_salt'); 
    13231323            if ( empty($salt) ) { 
    1324                 $salt = wp_generate_password(64); 
     1324                $salt = wp_generate_password( 64, true, true ); 
    13251325                update_option('secure_auth_salt', $salt); 
    13261326            } 
     
    13351335            $salt = get_option('logged_in_salt'); 
    13361336            if ( empty($salt) ) { 
    1337                 $salt = wp_generate_password(64); 
     1337                $salt = wp_generate_password( 64, true, true ); 
    13381338                update_option('logged_in_salt', $salt); 
    13391339            } 
     
    13481348            $salt = get_option('nonce_salt'); 
    13491349            if ( empty($salt) ) { 
    1350                 $salt = wp_generate_password(64); 
     1350                $salt = wp_generate_password( 64, true, true ); 
    13511351                update_option('nonce_salt', $salt); 
    13521352            } 
     
    14621462 * 
    14631463 * @param int $length The length of password to generate 
    1464  * @param bool $special_chars Whether to include standard special characters 
     1464 * @param bool $special_chars Whether to include standard special characters. Default true. 
     1465 * @param bool $extra_special_chars Whether to include more special characters. Used 
     1466 *   when generating secret keys and salts. Default false. 
    14651467 * @return string The random password 
    14661468 **/ 
    1467 function wp_generate_password($length = 12, $special_chars = true) { 
     1469function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) { 
    14681470    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; 
    1469     if ( $special_chars ) 
     1471    if ( $special_chars ) { 
    14701472        $chars .= '!@#$%^&*()'; 
     1473        if ( $extra_special_chars ) 
     1474            $chars .= '-_ []{}<>~`+=,.;:/?|'; 
     1475    } 
    14711476 
    14721477    $password = ''; 
Note: See TracChangeset for help on using the changeset viewer.