vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2025-10-16 12:05:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Security: Additional translations of salt default phrase.

Browse Source 
Translate the default salt value "put your unique phrase here" in additional locations in which it is used. This further ensures that the default phrase is considered an error in non-english translations of `wp-config.php`.

Follow-up to [54249].

Props peterwilsoncc, audrasjb, JeffPaul.
Fixes #55937.



git-svn-id: https://develop.svn.wordpress.org/trunk@54379 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Peter Wilson 2022-10-04 03:57:29 +00:00
parent 09d9a3d7ba
commit 09fd082625
2 changed files with 30 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/wp-admin/maint/repair.php
View File

@ -37,7 +37,17 @@ if ( ! defined( 'WP_ALLOW_REPAIR' ) || ! WP_ALLOW_REPAIR ) {
);
echo "</p><p><code>define('WP_ALLOW_REPAIR', true);</code></p>";
$default_key = __( 'put your unique phrase here' );
$default_keys = array_unique(
array(
'put your unique phrase here',
/*
* translators: This string should only be translated if wp-config-sample.php is localized.
* You can check the localized release package or
* https://i18n.svn.wordpress.org/<locale code>/branches/<wp version>/dist/wp-config-sample.php
*/
__( 'put your unique phrase here' ),
)
);
$missing_key = false;
$duplicated_keys = array();
@ -51,9 +61,11 @@ if ( ! defined( 'WP_ALLOW_REPAIR' ) || ! WP_ALLOW_REPAIR ) {
}
}
// If at least one key uses the default value, consider it duplicated.
if ( isset( $duplicated_keys[ $default_key ] ) ) {
$duplicated_keys[ $default_key ] = true;
// If at least one key uses a default value, consider it duplicated.
foreach ( $default_keys as $default_key ) {
if ( isset( $duplicated_keys[ $default_key ] ) ) {
$duplicated_keys[ $default_key ] = true;
}
}
// Weed out all unique, non-default values.

16
src/wp-includes/class-wp-recovery-mode-cookie-service.php
View File

@ -198,7 +198,19 @@ final class WP_Recovery_Mode_Cookie_Service {
* @return string|false The hashed $data, or false on failure.
*/
private function recovery_mode_hash( $data ) {
if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === __( 'put your unique phrase here' ) ) {
$default_keys = array_unique(
array(
'put your unique phrase here',
/*
* translators: This string should only be translated if wp-config-sample.php is localized.
* You can check the localized release package or
* https://i18n.svn.wordpress.org/<locale code>/branches/<wp version>/dist/wp-config-sample.php
*/
__( 'put your unique phrase here' ),
)
);
if ( ! defined( 'AUTH_KEY' ) || in_array( AUTH_KEY, $default_keys, true ) ) {
$auth_key = get_site_option( 'recovery_mode_auth_key' );
if ( ! $auth_key ) {
@ -213,7 +225,7 @@ final class WP_Recovery_Mode_Cookie_Service {
$auth_key = AUTH_KEY;
}
if ( ! defined( 'AUTH_SALT' ) || AUTH_SALT === 'put your unique phrase here' || AUTH_SALT === $auth_key ) {
if ( ! defined( 'AUTH_SALT' ) || in_array( AUTH_SALT, $default_keys, true ) || AUTH_SALT === $auth_key ) {
$auth_salt = get_site_option( 'recovery_mode_auth_salt' );
if ( ! $auth_salt ) {