Don't use variable variables in wp_salt().

See #27881.


git-svn-id: https://develop.svn.wordpress.org/trunk@28741 602fd350-edb4-49c9-b593-d223f7449a82
Scott Taylor 2014-06-11 18:35:42 +00:00
parent 0d0cdfe1c7
commit 0675902ec8


@ -1773,45 +1773,51 @@ function wp_salt( $scheme = 'auth' ) {
$duplicated_keys = array( 'put your unique phrase here' => true ); $duplicated_keys = array( 'put your unique phrase here' => true );
foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) { foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) {
foreach ( array( 'KEY', 'SALT' ) as $second ) { foreach ( array( 'KEY', 'SALT' ) as $second ) {
if ( ! defined( "{$first}_{$second}" ) ) if ( ! defined( "{$first}_{$second}" ) ) {
continue; continue;
}
$value = constant( "{$first}_{$second}" ); $value = constant( "{$first}_{$second}" );
$duplicated_keys[ $value ] = isset( $duplicated_keys[ $value ] ); $duplicated_keys[ $value ] = isset( $duplicated_keys[ $value ] );
} }
} }
} }
$key = $salt = ''; $values = array(
if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) ) 'key' => '',
$key = SECRET_KEY; 'salt' => ''
if ( 'auth' == $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) ) );
$salt = SECRET_SALT; if ( defined( 'SECRET_KEY' ) && SECRET_KEY && empty( $duplicated_keys[ SECRET_KEY ] ) ) {
$values['key'] = SECRET_KEY;
}
if ( 'auth' == $scheme && defined( 'SECRET_SALT' ) && SECRET_SALT && empty( $duplicated_keys[ SECRET_SALT ] ) ) {
$values['salt'] = SECRET_SALT;
}
if ( in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ) ) ) { if ( in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ) ) ) {
foreach ( array( 'key', 'salt' ) as $type ) { foreach ( array( 'key', 'salt' ) as $type ) {
$const = strtoupper( "{$scheme}_{$type}" ); $const = strtoupper( "{$scheme}_{$type}" );
if ( defined( $const ) && constant( $const ) && empty( $duplicated_keys[ constant( $const ) ] ) ) { if ( defined( $const ) && constant( $const ) && empty( $duplicated_keys[ constant( $const ) ] ) ) {
$$type = constant( $const ); $values[ $type ] = constant( $const );
} elseif ( ! $$type ) { } elseif ( ! $values[ $type ] ) {
$$type = get_site_option( "{$scheme}_{$type}" ); $values[ $type ] = get_site_option( "{$scheme}_{$type}" );
if ( ! $$type ) { if ( ! $values[ $type ] ) {
$$type = wp_generate_password( 64, true, true ); $values[ $type ] = wp_generate_password( 64, true, true );
update_site_option( "{$scheme}_{$type}", $$type ); update_site_option( "{$scheme}_{$type}", $values[ $type ] );
} }
} }
} }
} else { } else {
if ( ! $key ) { if ( ! $values['key'] ) {
$key = get_site_option( 'secret_key' ); $values['key'] = get_site_option( 'secret_key' );
if ( ! $key ) { if ( ! $values['key'] ) {
$key = wp_generate_password( 64, true, true ); $values['key'] = wp_generate_password( 64, true, true );
update_site_option( 'secret_key', $key ); update_site_option( 'secret_key', $values['key'] );
} }
} }
$salt = hash_hmac( 'md5', $scheme, $key ); $values['salt'] = hash_hmac( 'md5', $scheme, $values['key'] );
} }
$cached_salts[ $scheme ] = $key . $salt; $cached_salts[ $scheme ] = $values['key'] . $values['salt'];
/** This filter is documented in wp-includes/pluggable.php */ /** This filter is documented in wp-includes/pluggable.php */
return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme ); return apply_filters( 'salt', $cached_salts[ $scheme ], $scheme );
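Review bot: The rewritten `SECRET_SALT` guard still compares with `'auth' == $scheme`, and the scheme whitelist right after it calls `in_array()` without the strict flag, so a non-string `$scheme` can match by type juggling. A boolean `true` (and, on PHP before 8, an integer `0`) compares equal to `'auth'`, after which the loop would read or create a site option named from the cast value, such as `1_key`. Since these lines were being touched anyway, I would use `'auth' === $scheme` and `in_array( $scheme, array( 'auth', 'secure_auth', 'logged_in', 'nonce' ), true )`. Whether any caller actually passes a non-string scheme is not visible here, and the body of wp_salt() starts and ends outside this hunk.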