WordPress 4.5
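--- a/wp-admin/setup-config.php
+++ b/wp-admin/setup-config.php
@@ -181,24 +181,24 @@ switch($step) {
 
                setup_config_display_header();
        ?>
-<h1 class="screen-reader-text"><?php _e( 'Setup your database connection' ) ?></h1>
+<h1 class="screen-reader-text"><?php _e( 'Set up your database connection' ) ?></h1>
 <form method="post" action="setup-config.php?step=2">
        <p><?php _e( 'Below you should enter your database connection details. If you&#8217;re not sure about these, contact your host.' ); ?></p>
        <table class="form-table">
                <tr>
                        <th scope="row"><label for="dbname"><?php _e( 'Database Name' ); ?></label></th>
                        <td><input name="dbname" id="dbname" type="text" size="25" value="wordpress" /></td>
-                       <td><?php _e( 'The name of the database you want to run WP in.' ); ?></td>
+                       <td><?php _e( 'The name of the database you want to use with WordPress.' ); ?></td>
                </tr>
                <tr>
-                       <th scope="row"><label for="uname"><?php _e( 'User Name' ); ?></label></th>
+                       <th scope="row"><label for="uname"><?php _e( 'Username' ); ?></label></th>
                        <td><input name="uname" id="uname" type="text" size="25" value="<?php echo htmlspecialchars( _x( 'username', 'example username' ), ENT_QUOTES ); ?>" /></td>
-                       <td><?php _e( 'Your MySQL username' ); ?></td>
+                       <td><?php _e( 'Your database username.' ); ?></td>
                </tr>
                <tr>
                        <th scope="row"><label for="pwd"><?php _e( 'Password' ); ?></label></th>
                        <td><input name="pwd" id="pwd" type="text" size="25" value="<?php echo htmlspecialchars( _x( 'password', 'example password' ), ENT_QUOTES ); ?>" autocomplete="off" /></td>
-                       <td><?php _e( '&hellip;and your MySQL password.' ); ?></td>
+                       <td><?php _e( 'Your database password.' ); ?></td>
                </tr>
                <tr>
                        <th scope="row"><label for="dbhost"><?php _e( 'Database Host' ); ?></label></th>
@@ -276,21 +276,34 @@ switch($step) {
        if ( ! empty( $wpdb->error ) )
                wp_die( $wpdb->error->get_error_message() . $tryagain_link );
 
-       // Fetch or generate keys and salts.
-       $no_api = isset( $_POST['noapi'] );
-       if ( ! $no_api ) {
-               $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
-       }
-
-       if ( $no_api || is_wp_error( $secret_keys ) ) {
-               $secret_keys = array();
+       // Generate keys and salts using secure CSPRNG; fallback to API if enabled; further fallback to original wp_generate_password().
+       try {
+               $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|';
+               $max = strlen($chars) - 1;
                for ( $i = 0; $i < 8; $i++ ) {
-                       $secret_keys[] = wp_generate_password( 64, true, true );
+                       $key = '';
+                       for ( $j = 0; $j < 64; $j++ ) {
+                               $key .= substr( $chars, random_int( 0, $max ), 1 );
+                       }
+                       $secret_keys[] = $key;
                }
-       } else {
-               $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
-               foreach ( $secret_keys as $k => $v ) {
-                       $secret_keys[$k] = substr( $v, 28, 64 );
+       } catch ( Exception $ex ) {
+               $no_api = isset( $_POST['noapi'] );
+
+               if ( ! $no_api ) {
+                       $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
+               }
+
+               if ( $no_api || is_wp_error( $secret_keys ) ) {
+                       $secret_keys = array();
+                       for ( $i = 0; $i < 8; $i++ ) {
+                               $secret_keys[] = wp_generate_password( 64, true, true );
+                       }
+               } else {
+                       $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
+                       foreach ( $secret_keys as $k => $v ) {
+                               $secret_keys[$k] = substr( $v, 28, 64 );
+                       }
                }
        }
 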
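Review bot: The API fallback inside the new `catch ( Exception $ex )` block slices every line of the response body with `substr( $v, 28, 64 )` without checking the HTTP status, the number of lines, or the length of each result, so an error page or a truncated reply would leave short, empty or `false` entries in `$secret_keys`. These values are presumably written into wp-config.php as the authentication keys and salts further down, outside this hunk, so a malformed reply would silently weaken them. The fetched values should be accepted only when the response code is 200 and exactly eight 64-character strings were extracted; anything else should fall through to the local `wp_generate_password()` loop, as sketched below. The enclosing `switch($step)` case starts and ends outside the hunk.

```php
	} catch ( Exception $ex ) {
		// … unchanged: $no_api check and wp_remote_get() call …

		$fetched = array();
		if ( ! $no_api && ! is_wp_error( $secret_keys ) && 200 === wp_remote_retrieve_response_code( $secret_keys ) ) {
			foreach ( explode( "\n", wp_remote_retrieve_body( $secret_keys ) ) as $line ) {
				$candidate = substr( $line, 28, 64 );
				// Keep only full-length keys; the trailing empty line and malformed lines are dropped.
				if ( is_string( $candidate ) && 64 === strlen( $candidate ) ) {
					$fetched[] = $candidate;
				}
			}
		}

		if ( 8 === count( $fetched ) ) {
			$secret_keys = $fetched;
		} else {
			$secret_keys = array();
			// … unchanged: eight wp_generate_password( 64, true, true ) calls …
		}
```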