Use an expanded special character set when generating auth keys and salts via wp_generate_password(). Props sivel, see #12159

git-svn-id: http://svn.automattic.com/wordpress/trunk@13137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-14 04:06:30 +00:00 · 2010-02-14 04:06:30 +00:00 · db0e494344
parent 04212c36f3
commit db0e494344
3 changed files with 14 additions and 9 deletions
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@ -265,7 +265,7 @@ function populate_options() {
 	'upload_path' => '',

 	// 2.0.3
-	'secret' => wp_generate_password(64),
+	'secret' => wp_generate_password( 64, true, true ),

 	// 2.1
 	'blog_public' => '1',
--- a/wp-admin/setup-config.php
+++ b/wp-admin/setup-config.php
@ -189,7 +189,7 @@ switch($step) {
 		$secret_keys = array();
 		require_once( ABSPATH . WPINC . '/pluggable.php' );
 		for ( $i = 0; $i < 8; $i++ )
-			$secret_keys[] = wp_generate_password( 64 );
+			$secret_keys[] = wp_generate_password( 64, true, true );
 	} else {
 		$secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
 		foreach ( $secret_keys as $k => $v )
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@ -1308,7 +1308,7 @@ function wp_salt($scheme = 'auth') {
 		} else {
 			$salt = get_option('auth_salt');
 			if ( empty($salt) ) {
-				$salt = wp_generate_password(64);
+				$salt = wp_generate_password( 64, true, true );
 				update_option('auth_salt', $salt);
 			}
 		}
@ -1321,7 +1321,7 @@ function wp_salt($scheme = 'auth') {
 		} else {
 			$salt = get_option('secure_auth_salt');
 			if ( empty($salt) ) {
-				$salt = wp_generate_password(64);
+				$salt = wp_generate_password( 64, true, true );
 				update_option('secure_auth_salt', $salt);
 			}
 		}
@ -1334,7 +1334,7 @@ function wp_salt($scheme = 'auth') {
 		} else {
 			$salt = get_option('logged_in_salt');
 			if ( empty($salt) ) {
-				$salt = wp_generate_password(64);
+				$salt = wp_generate_password( 64, true, true );
 				update_option('logged_in_salt', $salt);
 			}
 		}
@ -1347,7 +1347,7 @@ function wp_salt($scheme = 'auth') {
 		} else {
 			$salt = get_option('nonce_salt');
 			if ( empty($salt) ) {
-				$salt = wp_generate_password(64);
+				$salt = wp_generate_password( 64, true, true );
 				update_option('nonce_salt', $salt);
 			}
 		}
@ -1461,13 +1461,18 @@ if ( !function_exists('wp_generate_password') ) :
 * @since 2.5
 *
 * @param int $length The length of password to generate
- * @param bool $special_chars Whether to include standard special characters
+ * @param bool $special_chars Whether to include standard special characters. Default true.
+ * @param bool $extra_special_chars Whether to include more special characters. Used
+ *   when generating secret keys and salts. Default false.
 * @return string The random password
 **/
-function wp_generate_password($length = 12, $special_chars = true) {
+function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) {
 	$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
-	if ( $special_chars )
+	if ( $special_chars ) {
 		$chars .= '!@#$%^&*()';
+		if ( $extra_special_chars )
+			$chars .= '-_ []{}<>~`+=,.;:/?|';
+	}

 	$password = '';
 	for ( $i = 0; $i < $length; $i++ ) {