diff options
| -rw-r--r-- | wp-admin/setup-config.php | 29 | ||||
| -rw-r--r-- | wp-config-sample.php | 17 |
2 files changed, 40 insertions, 6 deletions
diff --git a/wp-admin/setup-config.php b/wp-admin/setup-config.php index bcfabd107a..0c68e2fe1e 100644 --- a/wp-admin/setup-config.php +++ b/wp-admin/setup-config.php @@ -168,6 +168,24 @@ switch($step) { if ( !empty($wpdb->error) ) wp_die($wpdb->error->get_error_message()); + require_once( ABSPATH . WPINC . '/plugin.php' ); + require_once( ABSPATH . WPINC . '/http.php' ); + wp_fix_server_vars(); + /**#@+ + * @ignore + */ + function get_bloginfo() { + return 'http://' . $_SERVER['HTTP_HOST'] . str_replace( $_SERVER['PHP_SELF'], '/wp-admin/setup-config.php', '' ); + } + /**#@-*/ + + $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/?salt=1' ); + if ( is_wp_error( $secret_keys ) ) + $secret_keys = false; + else + $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) ); + $key = 0; + foreach ($configFile as $line_num => $line) { switch (substr($line,0,16)) { case "define('DB_NAME'": @@ -185,6 +203,17 @@ switch($step) { case '$table_prefix =': $configFile[$line_num] = str_replace('wp_', $prefix, $line); break; + case "define('AUTH_KEY": + case "define('SECURE_A": + case "define('LOGGED_I": + case "define('NONCE_KE": + case "define('AUTH_SAL": + case "define('SECURE_A": + case "define('LOGGED_I": + case "define('NONCE_SA": + if ( $secret_keys ) + $configFile[$line_num] = str_replace('put your unique phrase here', substr( $secret_keys[$key++], 27, 64 ), $line ); + break; } } if ( ! is_writable(ABSPATH) ) : diff --git a/wp-config-sample.php b/wp-config-sample.php index 3402b7b5f9..9806ae5ab3 100644 --- a/wp-config-sample.php +++ b/wp-config-sample.php @@ -34,18 +34,23 @@ define('DB_CHARSET', 'utf8'); define('DB_COLLATE', ''); /**#@+ - * Authentication Unique Keys. + * Authentication Unique Keys and Salts. * * Change these to different unique phrases! - * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service} + * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/?salt=1 WordPress.org secret-key service} * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. * * @since 2.6.0 */ -define('AUTH_KEY', 'put your unique phrase here'); -define('SECURE_AUTH_KEY', 'put your unique phrase here'); -define('LOGGED_IN_KEY', 'put your unique phrase here'); -define('NONCE_KEY', 'put your unique phrase here'); +define('AUTH_KEY', 'put your unique phrase here'); +define('SECURE_AUTH_KEY', 'put your unique phrase here'); +define('LOGGED_IN_KEY', 'put your unique phrase here'); +define('NONCE_KEY', 'put your unique phrase here'); +define('AUTH_SALT', 'put your unique phrase here'); +define('SECURE_AUTH_SALT', 'put your unique phrase here'); +define('LOGGED_IN_SALT', 'put your unique phrase here'); +define('NONCE_SALT', 'put your unique phrase here'); + /**#@-*/ /** |