Introduce NONCE_SALT and NONCE_KEY

git-svn-id: https://develop.svn.wordpress.org/trunk@10120 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2008-12-07 21:31:13 +00:00
parent f5b4d2bf10
commit f3dd1ef856
2 changed files with 17 additions and 3 deletions

View File

@ -44,6 +44,7 @@ define('DB_COLLATE', '');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
/**#@-*/
/**

View File

@ -1159,10 +1159,10 @@ function wp_verify_nonce($nonce, $action = -1) {
$i = wp_nonce_tick();
// Nonce generated 0-12 hours ago
if ( substr(wp_hash($i . $action . $uid), -12, 10) == $nonce )
if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) == $nonce )
return 1;
// Nonce generated 12-24 hours ago
if ( substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce )
if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) == $nonce )
return 2;
// Invalid nonce
return false;
@ -1184,7 +1184,7 @@ function wp_create_nonce($action = -1) {
$i = wp_nonce_tick();
return substr(wp_hash($i . $action . $uid), -12, 10);
return substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10);
}
endif;
@ -1272,6 +1272,19 @@ function wp_salt($scheme = 'auth') {
update_option('logged_in_salt', $salt);
}
}
} elseif ( 'nonce' == $scheme ) {
if ( defined('NONCE_KEY') && ('' != NONCE_KEY) && ( $wp_default_secret_key != NONCE_KEY) )
$secret_key = NONCE_KEY;
if ( defined('NONCE_SALT') ) {
$salt = NONCE_SALT;
} else {
$salt = get_option('nonce_salt');
if ( empty($salt) ) {
$salt = wp_generate_password();
update_option('nonce_salt', $salt);
}
}
} else {
// ensure each auth scheme has its own unique salt
$salt = hash_hmac('md5', $scheme, $secret_key);