From 43d5926b6b49622ac9e21c1183b8f7e7f645c7a4 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Sun, 14 Feb 2010 02:47:45 +0000
Subject: [PATCH] Fall back to wp_generate_password() in setup-config.php if HTTPS request for secret keys fails. Also use pretty link to secret-key API, see #12159
git-svn-id: https://develop.svn.wordpress.org/trunk@13133 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/setup-config.php | 22 ++++++++++++++++------
 wp-config-sample.php | 2 +-
 wp-includes/pluggable.php | 8 ++++++--
 3 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/wp-admin/setup-config.php b/wp-admin/setup-config.php
index eba21f38a9..97fc342a5f 100644
--- a/wp-admin/setup-config.php
+++ b/wp-admin/setup-config.php
@@ -16,6 +16,11 @@
 */
 define('WP_INSTALLING', true);
+/**
+ * We are blissfully unaware of anything.
+ */
+define('WP_SETUP_CONFIG', true);
+
 /**
 * Disable error reporting
 *
@@ -179,11 +184,17 @@ switch($step) {
 }
 /**#@-*/
- $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/?salt=1' );
- if ( is_wp_error( $secret_keys ) )
- $secret_keys = false;
- else
+ $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
+ if ( is_wp_error( $secret_keys ) ) {
+ $secret_keys = array();
+ require_once( ABSPATH . WPINC . '/pluggable.php' );
+ for ( $i = 0; $i < 8; $i++ )
+ $secret_keys[] = wp_generate_password( 64 );
+ } else {
 $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
+ foreach ( $secret_keys as $k => $v )
+ $secret_keys[$k] = substr( $v, 28, 64 );
+ }
 $key = 0;
 foreach ($configFile as $line_num => $line) {
@@ -211,8 +222,7 @@ switch($step) {
 case "define('SECURE_A":
 case "define('LOGGED_I":
 case "define('NONCE_SA":
- if ( $secret_keys )
- $configFile[$line_num] = str_replace('put your unique phrase here', substr( $secret_keys[$key++], 28, 64 ), $line );
+ $configFile[$line_num] = str_replace('put your unique phrase here', $secret_keys[$key++], $line );
 break;
 }
 }
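Review bot: The docblock added above `define('WP_SETUP_CONFIG', true);` says only "We are blissfully unaware of anything." and does not tell a maintainer what the constant controls. The pluggable.php part of this patch shows that `wp_rand()` checks it to decide whether to read and write the `random_seed` transient, so the comment should state that, e.g. `Set while setup-config.php runs; wp_rand() checks it and skips the random_seed transient.` A constant that changes how key material is seeded deserves an accurate description.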
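Review bot: The local fallback to `wp_generate_password( 64 )` is taken only when `is_wp_error( $secret_keys )` is true, so a non-200 reply or a truncated or empty body still goes through `explode()` and `substr( $v, 28, 64 )` and can produce empty, short or missing entries. Because the last hunk in this file removes the `if ( $secret_keys )` guard, whatever is in `$secret_keys[$key++]` is now substituted into the config file unconditionally as the authentication keys and salts. I would accept the API result only when it yields eight strings of exactly 64 characters and generate all keys locally otherwise, as sketched below. The enclosing `switch($step)` case starts and ends outside the hunk.

```php
$secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
$api_keys = array();
if ( ! is_wp_error( $secret_keys ) && 200 == wp_remote_retrieve_response_code( $secret_keys ) ) {
	foreach ( explode( "\n", wp_remote_retrieve_body( $secret_keys ) ) as $v ) {
		$v = substr( $v, 28, 64 );
		// Keep only complete 64-character keys; anything else marks the response as unusable.
		if ( is_string( $v ) && 64 == strlen( $v ) )
			$api_keys[] = $v;
	}
}
if ( count( $api_keys ) < 8 ) {
	// API unreachable or response malformed: generate every key locally.
	$api_keys = array();
	require_once( ABSPATH . WPINC . '/pluggable.php' );
	for ( $i = 0; $i < 8; $i++ )
		$api_keys[] = wp_generate_password( 64 );
}
$secret_keys = $api_keys;
// … unchanged: $key = 0 and the $configFile loop …
```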
diff --git a/wp-config-sample.php b/wp-config-sample.php
index 9806ae5ab3..fc60a825e7 100644
--- a/wp-config-sample.php
+++ b/wp-config-sample.php
@@ -37,7 +37,7 @@ define('DB_COLLATE', '');
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
- * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/?salt=1 WordPress.org secret-key service}
+ * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index e8e15002a1..27a231c2e7 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -1495,12 +1495,16 @@ function wp_rand( $min = 0, $max = 0 ) {
 // Reset $rnd_value after 14 uses
 // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
 if ( strlen($rnd_value) < 8 ) {
- $seed = get_transient('random_seed');
+ if ( defined( 'WP_SETUP_CONFIG' ) )
+ static $seed = '';
+ else
+ $seed = get_transient('random_seed');
 $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
 $rnd_value .= sha1($rnd_value);
 $rnd_value .= sha1($rnd_value . $seed);
 $seed = md5($seed . $rnd_value);
- set_transient('random_seed', $seed);
+ if ( ! defined( 'WP_SETUP_CONFIG' ) )
+ set_transient('random_seed', $seed);
 }
 // Take the first 8 digits for our value
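Review bot: With `WP_SETUP_CONFIG` defined, `$seed` starts as the empty string, so the first `$rnd_value` is derived only from `uniqid( microtime() . mt_rand(), true )`, i.e. a clock reading and a non-cryptographic PRNG. The setup-config.php change in this same patch makes this path the source of the eight authentication keys and salts whenever the HTTPS request fails, and those are long-lived secrets. Consider mixing operating-system randomness into the initial seed where the runtime provides it, for example `$seed = bin2hex( openssl_random_pseudo_bytes( 32 ) );` behind a `function_exists()` check, keeping the current derivation as the last resort. The conditional `static $seed = '';` would also benefit from a comment such as `// Setup mode: keep the seed in a static, the transient API is not used here.`; `wp_rand()` begins and ends outside this hunk.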