From 03a9269b113f2a3fbe30eddf395e90612bec1cd5 Mon Sep 17 00:00:00 2001
From: ryan
Date: Sun, 23 Dec 2007 00:58:06 +0000
Subject: [PATCH] Don't fallback to DB info for secret key. Allow expiration grace period for AJAX requests. see #5367
git-svn-id: http://svn.automattic.com/wordpress/trunk@6471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-config-sample.php | 4 ++++
 wp-includes/pluggable.php | 15 +++++++--------
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/wp-config-sample.php b/wp-config-sample.php
index 6b9956745f..f46119cdc1 100644
--- a/wp-config-sample.php
+++ b/wp-config-sample.php
@@ -6,6 +6,10 @@ define('DB_PASSWORD', 'yourpasswordhere'); // ...and password
 define('DB_HOST', 'localhost'); // 99% chance you won't need to change this value
 define('DB_CHARSET', 'utf8');
 define('DB_COLLATE', '');
+
+// Change SECRET_KEY to a unique phrase. You won't have to remember it later,
+// so make it long and complicated. You can visit https://www.grc.com/passwords.htm
+// to get a phrase generated for you.
 define('SECRET_KEY', ''); // Change this to a unique phrase.
 // You can have multiple installations in one database if you give each a unique prefix
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 1706845628..ade158c9ce 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -336,8 +336,8 @@ function wp_validate_auth_cookie($cookie = '') {
 $expired = $expiration;
- // Allow a grace period for POST requests
- if ( 'POST' == $_SERVER['REQUEST_METHOD'] )
+ // Allow a grace period for POST and AJAX requests
+ if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] )
 $expired += 3600;
 if ( $expired < time() )
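Review bot: In wp-config-sample.php the added comment block does not say what an empty `SECRET_KEY` means, while the shipped default on the next line is still `''`. With the wp_salt() change in this same commit an empty key makes the salt come only from the `secret` option stored in the database, so the comment should state that, e.g. `// If left empty, a random value stored in the database is used instead.` The comment also sends the administrator to a third-party page for the phrase; a value produced by someone else's server is known outside the site, so suggesting a locally generated random string is the safer wording. The trailing `// Change this to a unique phrase.` on the define line now repeats the new block and can be dropped.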
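Review bot: The new condition in wp-includes/pluggable.php, `defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD']`, tests only that the constant exists, so `define('DOING_AJAX', false)` would still grant the grace period; `( defined('DOING_AJAX') && DOING_AJAX )` matches the stated intent. Because the hour is now added for every AJAX request regardless of method, an expired cookie stays acceptable for 3600 more seconds on those requests, and the comment above the check should say that the effective lifetime is the expiration plus one hour. wp_validate_auth_cookie() begins and ends outside the hunk, so what happens after `$expired < time()` is not visible here.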
@@ -699,18 +699,17 @@ endif;
 if ( !function_exists('wp_salt') ) :
 function wp_salt() {
+
+ if ( defined('SECRET_KEY') && '' != SECRET_KEY )
+ return SECRET_KEY;
+
 $salt = get_option('secret');
 if ( empty($salt) ) {
 $salt = wp_generate_password();
 update_option('secret', $salt);
 }
- if ( !defined('SECRET_KEY') || '' == SECRET_KEY )
- $secret_key = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
- else
- $secret_key = SECRET_KEY;
-
- return $salt . $secret_key;
+ return $salt;
 }
 endif;
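Review bot: After this change wp_salt() returns either `SECRET_KEY` alone (the new early return) or the database `secret` option alone (`return $salt;`), so the value never depends on both the config file and the database. With an empty `SECRET_KEY`, which is the default in wp-config-sample.php, anyone able to read the options table holds the whole salt, and with a configured key a leaked wp-config.php is enough on its own. Moving the `SECRET_KEY` check below the `$salt` lookup and ending that branch with `return SECRET_KEY . $salt;` would require both stores to be exposed. The early return also accepts any non-empty string, so a very short key is used as is; a comment or a minimum-length check would help. Since the returned value changes for every existing site, hashes derived from the old salt presumably stop validating after the upgrade, which deserves a line in the function's docblock or the changelog.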