WordPress.org
Get WordPress

Make WordPress Core

Changeset 3813


Ignore:
Timestamp:
05/31/2006 05:01:09 AM (20 years ago)
Author:
ryan
Message:

wp_hash(), wp_salt(), and server secret.

Location:
branches/2.0
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • branches/2.0/wp-admin/upgrade-schema.php

    r3453 r3813  
    230230        add_option('upload_path', 'wp-content/uploads');
    231231    }
     232   
     233    // 2.0.3
     234    add_option('secret', md5(uniqid(microtime())));
    232235
    233236    // Delete unused options

  • branches/2.0/wp-includes/cache.php

    r3797 r3813  
    6565    var $warm_cache_hits = 0;
    6666    var $cache_misses = 0;
     67    var $secret = '';
    6768
    6869    function acquire_lock() {
     
    143144        }
    144145
    145         $cache_file = $this->cache_dir.$this->get_group_dir($group)."/".md5($id.DB_PASSWORD).'.php';
     146        $cache_file = $this->cache_dir.$this->get_group_dir($group)."/".$this->hash($id).'.php';
    146147        if (!file_exists($cache_file)) {
    147148            $this->non_existant_objects[$group][$id] = true;
     
    172173
    173174        return "{$this->blog_id}/$group";
     175    }
     176
     177    function hash($data) {
     178        if ( function_exists('hash_hmac') ) {
     179            return hash_hmac('md5', $data, $this->secret);
     180        } else {
     181            return md5($data . $this->secret);
     182        }
    174183    }
    175184
     
    333342            $ids = array_unique($ids);
    334343            foreach ($ids as $id) {
    335                 $cache_file = $group_dir.md5($id.DB_PASSWORD).'.php';
     344                $cache_file = $group_dir.$this->hash($id).'.php';
    336345
    337346                // Remove the cache file if the key is not set.
     
    425434            $this->expiration_time = CACHE_EXPIRATION_TIME;
    426435
    427         $this->blog_id = md5($blog_id);
     436        if ( defined('WP_SECRET') )
     437            $this->secret = WP_SECRET;
     438        else
     439            $this->secret = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
     440
     441        $this->blog_id = $this->hash($blog_id);
    428442    }
    429443}

  • branches/2.0/wp-includes/pluggable-functions.php

    r3780 r3813  
    489489
    490490    //Allow for expanding range, but only do one check if we can
    491     if( substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) == $nonce || substr(md5(($i - 1) . DB_PASSWORD . $action . $uid), -12, 10) == $nonce )
     491    if( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce )
    492492        return true;
    493493    return false;
     
    502502    $i = ceil(time() / 43200);
    503503   
    504     return substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10);
     504    return substr(wp_hash($i . $action . $uid), -12, 10);
     505}
     506endif;
     507
     508if ( !function_exists('wp_salt') ) :
     509function wp_salt() {
     510    $salt = get_option('secret');
     511    if ( empty($salt) )
     512        $salt = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
     513
     514    return $salt;
     515}
     516endif;
     517
     518if ( !function_exists('wp_hash') ) :
     519function wp_hash($data) {
     520    $salt = wp_salt();
     521
     522    if ( function_exists('hash_hmac') ) {
     523        return hash_hmac('md5', $data, $salt);
     524    } else {
     525        return md5($data . $salt);
     526    }
    505527}
    506528endif;

  • branches/2.0/wp-includes/version.php

    r3797 r3813  
    44
    55$wp_version = '2.0.3-beta';
    6 $wp_db_version = 3796;
     6$wp_db_version = 3310;
    77
    88?>
Note: See TracChangeset for help on using the changeset viewer.