Make WordPress Core

Changeset 13137


Ignore:
Timestamp:
02/14/2010 04:06:30 AM (15 years ago)
Author:
nacin
Message:

Use an expanded special character set when generating auth keys and salts via wp_generate_password(). Props sivel, see #12159

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/schema.php

    r13070 r13137  
    266266
    267267    // 2.0.3
    268     'secret' => wp_generate_password(64),
     268    'secret' => wp_generate_password( 64, true, true ),
    269269
    270270    // 2.1
  • trunk/wp-admin/setup-config.php

    r13133 r13137  
    190190        require_once( ABSPATH . WPINC . '/pluggable.php' );
    191191        for ( $i = 0; $i < 8; $i++ )
    192             $secret_keys[] = wp_generate_password( 64 );
     192            $secret_keys[] = wp_generate_password( 64, true, true );
    193193    } else {
    194194        $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
  • trunk/wp-includes/pluggable.php

    r13133 r13137  
    13091309            $salt = get_option('auth_salt');
    13101310            if ( empty($salt) ) {
    1311                 $salt = wp_generate_password(64);
     1311                $salt = wp_generate_password( 64, true, true );
    13121312                update_option('auth_salt', $salt);
    13131313            }
     
    13221322            $salt = get_option('secure_auth_salt');
    13231323            if ( empty($salt) ) {
    1324                 $salt = wp_generate_password(64);
     1324                $salt = wp_generate_password( 64, true, true );
    13251325                update_option('secure_auth_salt', $salt);
    13261326            }
     
    13351335            $salt = get_option('logged_in_salt');
    13361336            if ( empty($salt) ) {
    1337                 $salt = wp_generate_password(64);
     1337                $salt = wp_generate_password( 64, true, true );
    13381338                update_option('logged_in_salt', $salt);
    13391339            }
     
    13481348            $salt = get_option('nonce_salt');
    13491349            if ( empty($salt) ) {
    1350                 $salt = wp_generate_password(64);
     1350                $salt = wp_generate_password( 64, true, true );
    13511351                update_option('nonce_salt', $salt);
    13521352            }
     
    14621462 *
    14631463 * @param int $length The length of password to generate
    1464  * @param bool $special_chars Whether to include standard special characters
     1464 * @param bool $special_chars Whether to include standard special characters. Default true.
     1465 * @param bool $extra_special_chars Whether to include more special characters. Used
     1466 *   when generating secret keys and salts. Default false.
    14651467 * @return string The random password
    14661468 **/
    1467 function wp_generate_password($length = 12, $special_chars = true) {
     1469function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) {
    14681470    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    1469     if ( $special_chars )
     1471    if ( $special_chars ) {
    14701472        $chars .= '!@#$%^&*()';
     1473        if ( $extra_special_chars )
     1474            $chars .= '-_ []{}<>~`+=,.;:/?|';
     1475    }
    14711476
    14721477    $password = '';
Note: See TracChangeset for help on using the changeset viewer.