mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-02-11 18:41:37 +01:00
Code Issues Actions 24 Packages Projects Releases Wiki Activity

Security: Salting functions: translate the phrase "put your unique phrase here".

Browse Source 
In `wp_salt()` WordPress pre-populates the check for duplicate salt values with the default put your unique phrase here. As the `wp-config.php file` for non-en_US can be translated in downloaded packages, a translated version of this phrase ought to be in the pre-populated duplicate values array too.

Props peterwilsoncc, SergeyBiryukov, whaze, costdev, audrasjb.
Fixes #55937.


git-svn-id: https://develop.svn.wordpress.org/trunk@54249 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jb Audras 2022-09-20 11:55:21 +00:00
parent 270629df0e
commit 61f7e75895
3 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-admin/maint/repair.php
View File

@ -37,7 +37,7 @@ if ( ! defined( 'WP_ALLOW_REPAIR' ) || ! WP_ALLOW_REPAIR ) {
);
echo "</p><p><code>define('WP_ALLOW_REPAIR', true);</code></p>";
$default_key = 'put your unique phrase here';
$default_key = __( 'put your unique phrase here' );
$missing_key = false;
$duplicated_keys = array();

2
src/wp-includes/class-wp-recovery-mode-cookie-service.php
View File

@ -198,7 +198,7 @@ final class WP_Recovery_Mode_Cookie_Service {
* @return string|false The hashed $data, or false on failure.
*/
private function recovery_mode_hash( $data ) {
if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === 'put your unique phrase here' ) {
if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === __( 'put your unique phrase here' ) ) {
$auth_key = get_site_option( 'recovery_mode_auth_key' );
if ( ! $auth_key ) {

10
src/wp-includes/pluggable.php
View File

@ -2408,7 +2408,15 @@ if ( ! function_exists( 'wp_salt' ) ) :
static $duplicated_keys;
if ( null === $duplicated_keys ) {
$duplicated_keys = array( 'put your unique phrase here' => true );
$duplicated_keys = array(
'put your unique phrase here' => true,
/*
* translators: This string should only be translated if wp-config-sample.php is localized.
* You can check the localized release package or
* https://i18n.svn.wordpress.org/<locale code>/branches/<wp version>/dist/wp-config-sample.php
*/
__( 'put your unique phrase here' ) => true,
);
foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) {
foreach ( array( 'KEY', 'SALT' ) as $second ) {
if ( ! defined( "{$first}_{$second}" ) ) {