From 06cb9d7691535b4fddc3761be7c1fe3ab6ff2f68 Mon Sep 17 00:00:00 2001
From: audrasjb
Date: Tue, 20 Sep 2022 11:57:20 +0000
Subject: [PATCH] Security: Salting functions: translate the phrase "put your unique phrase here".

In `wp_salt()` WordPress pre-populates the check for duplicate salt values with the default put your unique phrase here. As the `wp-config.php file` for non-en_US can be translated in downloaded packages, a translated version of this phrase ought to be in the pre-populated duplicate values array too.
Props peterwilsoncc, SergeyBiryukov, whaze, costdev, audrasjb.
Fixes #55937.
Built from https://develop.svn.wordpress.org/trunk@54249
git-svn-id: http://core.svn.wordpress.org/trunk@53808 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/maint/repair.php | 2 +-
 wp-includes/class-wp-recovery-mode-cookie-service.php | 2 +-
 wp-includes/pluggable.php | 10 +++++++++-
 wp-includes/version.php | 2 +-
 4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/wp-admin/maint/repair.php b/wp-admin/maint/repair.php
index b4219b30ad..6c9e8fe82a 100644
--- a/wp-admin/maint/repair.php
+++ b/wp-admin/maint/repair.php
@@ -37,7 +37,7 @@ if ( ! defined( 'WP_ALLOW_REPAIR' ) || ! WP_ALLOW_REPAIR ) {
 );
 echo "

define('WP_ALLOW_REPAIR', true);

";
- $default_key = 'put your unique phrase here';
+ $default_key = __( 'put your unique phrase here' );
 $missing_key = false;
 $duplicated_keys = array();
diff --git a/wp-includes/class-wp-recovery-mode-cookie-service.php b/wp-includes/class-wp-recovery-mode-cookie-service.php
index df59b35780..5d3be11f6e 100644
--- a/wp-includes/class-wp-recovery-mode-cookie-service.php
+++ b/wp-includes/class-wp-recovery-mode-cookie-service.php
@@ -198,7 +198,7 @@ final class WP_Recovery_Mode_Cookie_Service {
 * @return string|false The hashed $data, or false on failure.
 */
 private function recovery_mode_hash( $data ) {
- if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === 'put your unique phrase here' ) {
+ if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === __( 'put your unique phrase here' ) ) {
 $auth_key = get_site_option( 'recovery_mode_auth_key' );
 if ( ! $auth_key ) {
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 387c3e2c7b..64478e27fa 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -2408,7 +2408,15 @@ if ( ! function_exists( 'wp_salt' ) ) :
 static $duplicated_keys;
 if ( null === $duplicated_keys ) {
- $duplicated_keys = array( 'put your unique phrase here' => true );
+ $duplicated_keys = array(
+ 'put your unique phrase here' => true,
+ /*
+ * translators: This string should only be translated if wp-config-sample.php is localized.
+ * You can check the localized release package or
+ * https://i18n.svn.wordpress.org//branches//dist/wp-config-sample.php
+ */
+ __( 'put your unique phrase here' ) => true,
+ );
 foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) {
 foreach ( array( 'KEY', 'SALT' ) as $second ) {
 if ( ! defined( "{$first}_{$second}" ) ) {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 7bd1312ec9..7684db6f8c 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
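Review bot: The rewritten comparisons in `wp-admin/maint/repair.php` (`$default_key = __( 'put your unique phrase here' );`) and in `recovery_mode_hash()` now match only the translated phrase, so on a localized site whose wp-config.php still holds the English placeholder the default value is no longer recognised; the `wp_salt()` hunk of this same commit keeps both forms. In `recovery_mode_hash()` that presumably leaves a publicly known `AUTH_KEY` in use as the hashing key instead of falling back to the stored `recovery_mode_auth_key`. The condition could accept either form, for example `in_array( AUTH_KEY, array( 'put your unique phrase here', __( 'put your unique phrase here' ) ), true )`. `$default_key` in repair.php needs the same treatment at the place where it is compared, which lies outside this hunk.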
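Review bot: `$duplicated_keys` in `wp_salt()` is a `static` that is filled once, so the `__( 'put your unique phrase here' )` key is whatever `__()` returns on the first call of the request. If that first call can happen before the default text domain is loaded, the translated placeholder is never registered and a localized default salt would be treated as a unique value for the rest of the request. The ordering assumption deserves a comment above the array, such as `// __() must already return the site-locale string here; this static cache is not rebuilt later.`, or a check that no early caller exists. The rest of `wp_salt()` is outside the hunk, so whether anything refreshes the cache later cannot be seen here.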
@@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.1-alpha-54248';
+$wp_version = '6.1-alpha-54249';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.