From db0e494344899dc05c137e1b64cc8bdda77b7a66 Mon Sep 17 00:00:00 2001
From: nacin
Date: Sun, 14 Feb 2010 04:06:30 +0000
Subject: [PATCH] Use an expanded special character set when generating auth keys and salts via wp_generate_password(). Props sivel, see #12159
git-svn-id: http://svn.automattic.com/wordpress/trunk@13137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/schema.php | 2 +-
 wp-admin/setup-config.php | 2 +-
 wp-includes/pluggable.php | 19 ++++++++++++-------
 3 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/wp-admin/includes/schema.php b/wp-admin/includes/schema.php
index 72704b99c..1634cfaea 100644
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -265,7 +265,7 @@ function populate_options() {
 'upload_path' => '',
 // 2.0.3
- 'secret' => wp_generate_password(64),
+ 'secret' => wp_generate_password( 64, true, true ),
 // 2.1
 'blog_public' => '1',
diff --git a/wp-admin/setup-config.php b/wp-admin/setup-config.php
index 97fc342a5..11b37c761 100644
--- a/wp-admin/setup-config.php
+++ b/wp-admin/setup-config.php
@@ -189,7 +189,7 @@ switch($step) {
 $secret_keys = array();
 require_once( ABSPATH . WPINC . '/pluggable.php' );
 for ( $i = 0; $i < 8; $i++ )
- $secret_keys[] = wp_generate_password( 64 );
+ $secret_keys[] = wp_generate_password( 64, true, true );
 } else {
 $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
 foreach ( $secret_keys as $k => $v )
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 27a231c2e..1508c4109 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -1308,7 +1308,7 @@ function wp_salt($scheme = 'auth') {
 } else {
 $salt = get_option('auth_salt');
 if ( empty($salt) ) {
- $salt = wp_generate_password(64);
+ $salt = wp_generate_password( 64, true, true );
 update_option('auth_salt', $salt);
 }
 }
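Review bot: The new third argument in `wp_generate_password( 64, true, true )` is dropped without any error if a plugin has replaced the pluggable function with the older two-parameter signature, because PHP ignores surplus arguments to user-defined functions; the `if ( !function_exists('wp_generate_password') )` guard is visible in the pluggable.php hunk header. In that case `secret` is still generated, only from the smaller character set, which is not what the commit intends. A short call-site comment would make the two bare booleans readable and record the caveat, e.g. `// 64 chars, standard + extra special characters; an older override ignores the third argument`. The same applies to the call in setup-config.php and to the four calls in `wp_salt()`. `populate_options()` continues outside the hunk.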
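Review bot: Nothing in this `wp_salt()` fallback stops two concurrent first requests from each finding `auth_salt` empty, generating different values, and writing them back with `update_option('auth_salt', $salt)`, and the result of the write is not checked. Whichever write lands last replaces the other, so anything already hashed with the losing value stops validating; if the write fails, a fresh salt is produced on every request. Something like `add_option('auth_salt', $salt);` followed by a re-read of the option would keep an existing value from being overwritten, though that should be confirmed against the option cache behaviour. The same pattern appears in the `secure_auth_salt`, `logged_in_salt` and `nonce_salt` hunks, and the four copies could share one helper. `wp_salt()` begins and ends outside these hunks.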
@@ -1321,7 +1321,7 @@ function wp_salt($scheme = 'auth') {
 } else {
 $salt = get_option('secure_auth_salt');
 if ( empty($salt) ) {
- $salt = wp_generate_password(64);
+ $salt = wp_generate_password( 64, true, true );
 update_option('secure_auth_salt', $salt);
 }
 }
@@ -1334,7 +1334,7 @@ function wp_salt($scheme = 'auth') {
 } else {
 $salt = get_option('logged_in_salt');
 if ( empty($salt) ) {
- $salt = wp_generate_password(64);
+ $salt = wp_generate_password( 64, true, true );
 update_option('logged_in_salt', $salt);
 }
 }
@@ -1347,7 +1347,7 @@ function wp_salt($scheme = 'auth') {
 } else {
 $salt = get_option('nonce_salt');
 if ( empty($salt) ) {
- $salt = wp_generate_password(64);
+ $salt = wp_generate_password( 64, true, true );
 update_option('nonce_salt', $salt);
 }
 }
@@ -1461,13 +1461,18 @@ if ( !function_exists('wp_generate_password') ) :
 * @since 2.5
 *
 * @param int $length The length of password to generate
- * @param bool $special_chars Whether to include standard special characters
+ * @param bool $special_chars Whether to include standard special characters. Default true.
+ * @param bool $extra_special_chars Whether to include more special characters. Used
+ * when generating secret keys and salts. Default false.
 * @return string The random password
 **/
-function wp_generate_password($length = 12, $special_chars = true) {
+function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) {
 $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
- if ( $special_chars )
+ if ( $special_chars ) {
 $chars .= '!@#$%^&*()';
+ if ( $extra_special_chars )
+ $chars .= '-_ []{}<>~`+=,.;:/?|';
+ }
 $password = '';
 for ( $i = 0; $i < $length; $i++ ) {
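Review bot: In the rewritten `wp_generate_password()`, `$extra_special_chars` takes effect only when `$special_chars` is also true, because the new `if ( $extra_special_chars )` is nested inside the first check; a call such as `wp_generate_password( 64, false, true )` returns an alphanumeric-only string with no notice. The docblock should say so, for example by ending the new `@param` text with `Ignored when $special_chars is false.`, or the two checks should be made independent. A comment on the new `$chars .=` line could also record that the expanded set includes a space and leaves out quote and backslash characters, which presumably matters where these values are embedded in quoted strings. The strength of the generated keys still depends on the random source used in the loop body, which continues outside the hunk.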