Changeset 36872
- Timestamp:
- 03/07/2016 06:31:18 AM (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/setup-config.php
r36545 r36872 277 277 wp_die( $wpdb->error->get_error_message() . $tryagain_link ); 278 278 279 // Fetch or generate keys and salts. 280 $no_api = isset( $_POST['noapi'] ); 281 if ( ! $no_api ) { 282 $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' ); 283 } 284 285 if ( $no_api || is_wp_error( $secret_keys ) ) { 286 $secret_keys = array(); 279 // Generate keys and salts using secure CSPRNG; fallback to API if enabled; further fallback to original wp_generate_password(). 280 try { 281 $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|'; 282 $max = strlen($chars) - 1; 287 283 for ( $i = 0; $i < 8; $i++ ) { 288 $secret_keys[] = wp_generate_password( 64, true, true ); 289 } 290 } else { 291 $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) ); 292 foreach ( $secret_keys as $k => $v ) { 293 $secret_keys[$k] = substr( $v, 28, 64 ); 284 $key = ''; 285 for ( $j = 0; $j < 64; $j++ ) { 286 $key .= substr( $chars, random_int( 0, $max ), 1 ); 287 } 288 $secret_keys[] = $key; 289 } 290 } catch ( Exception $ex ) { 291 $no_api = isset( $_POST['noapi'] ); 292 293 if ( ! $no_api ) { 294 $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' ); 295 } 296 297 if ( $no_api || is_wp_error( $secret_keys ) ) { 298 $secret_keys = array(); 299 for ( $i = 0; $i < 8; $i++ ) { 300 $secret_keys[] = wp_generate_password( 64, true, true ); 301 } 302 } else { 303 $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) ); 304 foreach ( $secret_keys as $k => $v ) { 305 $secret_keys[$k] = substr( $v, 28, 64 ); 306 } 294 307 } 295 308 }
Note: See TracChangeset
for help on using the changeset viewer.