From 61f7e758952dabbe7e00cd2d9eeca2e7d82e4604 Mon Sep 17 00:00:00 2001
From: Jb Audras
Date: Tue, 20 Sep 2022 11:55:21 +0000
Subject: [PATCH] Security: Salting functions: translate the phrase "put your
unique phrase here".
In `wp_salt()` WordPress pre-populates the check for duplicate salt values with the default phrase "put your unique phrase here". As the `wp-config.php` file for non-en_US locales can be translated in downloaded packages, a translated version of this phrase ought to be in the pre-populated duplicate values array too.
Props peterwilsoncc, SergeyBiryukov, whaze, costdev, audrasjb.
Fixes #55937.
git-svn-id: https://develop.svn.wordpress.org/trunk@54249 602fd350-edb4-49c9-b593-d223f7449a82
---
src/wp-admin/maint/repair.php | 2 +-
.../class-wp-recovery-mode-cookie-service.php | 2 +-
src/wp-includes/pluggable.php | 10 +++++++++-
3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/wp-admin/maint/repair.php b/src/wp-admin/maint/repair.php
index b4219b30ad..6c9e8fe82a 100644
--- a/src/wp-admin/maint/repair.php
+++ b/src/wp-admin/maint/repair.php
@@ -37,7 +37,7 @@ if ( ! defined( 'WP_ALLOW_REPAIR' ) || ! WP_ALLOW_REPAIR ) {
);
echo "
define('WP_ALLOW_REPAIR', true);
";
- $default_key = 'put your unique phrase here';
+ $default_key = __( 'put your unique phrase here' );
$missing_key = false;
$duplicated_keys = array();
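Review bot: Replacing the literal with `__( 'put your unique phrase here' )` means that on a site where the phrase is translated, the untranslated English default is no longer recognised, so a wp-config.php still carrying the English placeholder would not be reported here. The same regression is in the `recovery_mode_hash()` hunk, where it matters more: with a translated locale, an `AUTH_KEY` left at the publicly known English placeholder passes the check and is presumably used as the hashing key instead of the generated `recovery_mode_auth_key`. The `wp_salt()` hunk keeps both forms, and these two should match it, e.g. `if ( ! defined( 'AUTH_KEY' ) || in_array( AUTH_KEY, array( 'put your unique phrase here', __( 'put your unique phrase here' ) ), true ) ) {`. In repair.php the comparisons against `$default_key` lie outside this hunk, so the variable would need to become a list of both phrases and be checked there accordingly.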
diff --git a/src/wp-includes/class-wp-recovery-mode-cookie-service.php b/src/wp-includes/class-wp-recovery-mode-cookie-service.php
index df59b35780..5d3be11f6e 100644
--- a/src/wp-includes/class-wp-recovery-mode-cookie-service.php
+++ b/src/wp-includes/class-wp-recovery-mode-cookie-service.php
@@ -198,7 +198,7 @@ final class WP_Recovery_Mode_Cookie_Service {
* @return string|false The hashed $data, or false on failure.
*/
private function recovery_mode_hash( $data ) {
- if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === 'put your unique phrase here' ) {
+ if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === __( 'put your unique phrase here' ) ) {
$auth_key = get_site_option( 'recovery_mode_auth_key' );
if ( ! $auth_key ) {
diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index 387c3e2c7b..64478e27fa 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -2408,7 +2408,15 @@ if ( ! function_exists( 'wp_salt' ) ) :
static $duplicated_keys;
if ( null === $duplicated_keys ) {
- $duplicated_keys = array( 'put your unique phrase here' => true );
+ $duplicated_keys = array(
+ 'put your unique phrase here' => true,
+ /*
+ * translators: This string should only be translated if wp-config-sample.php is localized.
+ * You can check the localized release package or
+ * https://i18n.svn.wordpress.org//branches//dist/wp-config-sample.php
+ */
+ __( 'put your unique phrase here' ) => true,
+ );
foreach ( array( 'AUTH', 'SECURE_AUTH', 'LOGGED_IN', 'NONCE', 'SECRET' ) as $first ) {
foreach ( array( 'KEY', 'SALT' ) as $second ) {
if ( ! defined( "{$first}_{$second}" ) ) {
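Review bot: The translated phrase is resolved inside the `null === $duplicated_keys` initialiser of a `static`, so it is fixed at the first `wp_salt()` call of the request; if that call can happen before the default text domain is loaded, or under a switched locale, `__()` would return the English string and the localized placeholder would go undetected for the rest of the request. I cannot confirm the load order from this hunk, so it is worth verifying and documenting, for example with `// Relies on the default text domain being loaded before the first wp_salt() call.` above the `__()` entry. The function body starts and ends outside the hunk.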