Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-23 07:51:49 +01:00
Code Issues Projects Releases Wiki Activity

Use an expanded special character set when generating auth keys and salts via wp_generate_password(). Props sivel, see #12159

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@13137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2010-02-14 04:06:30 +00:00
parent 04212c36f3
commit db0e494344
3 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-admin/includes/schema.php
View File

@ -265,7 +265,7 @@ function populate_options() {
'upload_path' => '',
// 2.0.3
'secret' => wp_generate_password(64),
'secret' => wp_generate_password( 64, true, true ),
// 2.1
'blog_public' => '1',

2
wp-admin/setup-config.php
View File

@ -189,7 +189,7 @@ switch($step) {
$secret_keys = array();
require_once( ABSPATH . WPINC . '/pluggable.php' );
for ( $i = 0; $i < 8; $i++ )
$secret_keys[] = wp_generate_password( 64 );
$secret_keys[] = wp_generate_password( 64, true, true );
} else {
$secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
foreach ( $secret_keys as $k => $v )

19
wp-includes/pluggable.php
View File

@ -1308,7 +1308,7 @@ function wp_salt($scheme = 'auth') {
} else {
$salt = get_option('auth_salt');
if ( empty($salt) ) {
$salt = wp_generate_password(64);
$salt = wp_generate_password( 64, true, true );
update_option('auth_salt', $salt);
}
}
@ -1321,7 +1321,7 @@ function wp_salt($scheme = 'auth') {
} else {
$salt = get_option('secure_auth_salt');
if ( empty($salt) ) {
$salt = wp_generate_password(64);
$salt = wp_generate_password( 64, true, true );
update_option('secure_auth_salt', $salt);
}
}
@ -1334,7 +1334,7 @@ function wp_salt($scheme = 'auth') {
} else {
$salt = get_option('logged_in_salt');
if ( empty($salt) ) {
$salt = wp_generate_password(64);
$salt = wp_generate_password( 64, true, true );
update_option('logged_in_salt', $salt);
}
}
@ -1347,7 +1347,7 @@ function wp_salt($scheme = 'auth') {
} else {
$salt = get_option('nonce_salt');
if ( empty($salt) ) {
$salt = wp_generate_password(64);
$salt = wp_generate_password( 64, true, true );
update_option('nonce_salt', $salt);
}
}
@ -1461,13 +1461,18 @@ if ( !function_exists('wp_generate_password') ) :
* @since 2.5
*
* @param int $length The length of password to generate
* @param bool $special_chars Whether to include standard special characters
* @param bool $special_chars Whether to include standard special characters. Default true.
* @param bool $extra_special_chars Whether to include more special characters. Used
* when generating secret keys and salts. Default false.
* @return string The random password
**/
function wp_generate_password($length = 12, $special_chars = true) {
function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) {
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
if ( $special_chars )
if ( $special_chars ) {
$chars .= '!@#$%^&*()';
if ( $extra_special_chars )
$chars .= '-_ []{}<>~`+=,.;:/?|';
}
$password = '';
for ( $i = 0; $i < $length; $i++ ) {