WordPress.org

Make WordPress Core

Changeset 6471


Ignore:
Timestamp:
12/23/07 00:58:06 (6 years ago)
Author:
ryan
Message:

Don't fallback to DB info for secret key. Allow expiration grace period for AJAX requests. see #5367

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-config-sample.php

    r6387 r6471  
    77define('DB_CHARSET', 'utf8'); 
    88define('DB_COLLATE', ''); 
     9 
     10// Change SECRET_KEY to a unique phrase.  You won't have to remember it later, 
     11// so make it long and complicated.  You can visit https://www.grc.com/passwords.htm 
     12// to get a phrase generated for you. 
    913define('SECRET_KEY', ''); // Change this to a unique phrase. 
    1014 
  • trunk/wp-includes/pluggable.php

    r6430 r6471  
    337337    $expired = $expiration; 
    338338 
    339     // Allow a grace period for POST requests 
    340     if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) 
     339    // Allow a grace period for POST and AJAX requests 
     340    if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] ) 
    341341        $expired += 3600; 
    342342 
     
    700700if ( !function_exists('wp_salt') ) : 
    701701function wp_salt() { 
     702 
     703    if ( defined('SECRET_KEY') && '' != SECRET_KEY ) 
     704        return SECRET_KEY; 
     705 
    702706    $salt = get_option('secret'); 
    703707    if ( empty($salt) ) { 
     
    706710    } 
    707711 
    708     if ( !defined('SECRET_KEY') || '' == SECRET_KEY ) 
    709         $secret_key = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH; 
    710     else 
    711         $secret_key = SECRET_KEY; 
    712          
    713     return $salt . $secret_key; 
     712    return $salt; 
    714713} 
    715714endif; 
Note: See TracChangeset for help on using the changeset viewer.