Changes between Initial Version and Version 1 of Ticket #46130, comment 6
- Timestamp: 01/29/2019 11:25:58 PM (6 years ago)
Ticket #46130, comment 6
initial v1
26 26 The cookie value is generated by `generate_recovery_mode_cookie()`. The majority of the security related functions are defined in `pluggable.php`. When we load `pluggable.php` in other calls, we can immediately `die()` or `wp_redirect`. Since we have to validate this cookie on every page load, those functions aren't an option.
27 27
28    After discussing with @aaroncampbell, it looked like making a version of `wp_salt` that has its own fallbacks for invalid salts was a variable option.
   28 After discussing with @aaroncampbell, it looked like making a version of `wp_salt` that has its own fallbacks for invalid salts was a viable option.
29 29
30 30 A separate function, `recovery_mode_hash()` is introduced that performs a `hash_hmac` specific to recovery mode. This tries to use the `AUTH_KEY` and `AUTH_SALT` values, but if they aren't available, it will load `pluggable.php` and then generate random values and store them to site options, similarly to `wp_salt()`.