X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/138998bbd8f7a1ac38b2f1eacbdf7cd522be4b13..e3ff8f35458a959c1879c0a4976701ed8dcfe651:/wp-admin/setup-config.php diff --git a/wp-admin/setup-config.php b/wp-admin/setup-config.php index 5364fa78..1404c325 100644 --- a/wp-admin/setup-config.php +++ b/wp-admin/setup-config.php @@ -5,8 +5,6 @@ * The permissions for the base directory must allow for writing files in order * for the wp-config.php to be created using this page. * - * @internal This file must be parsable by PHP4. - * * @package WordPress * @subpackage Administration */ @@ -28,7 +26,9 @@ define('WP_SETUP_CONFIG', true); */ error_reporting(0); -define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' ); +if ( ! defined( 'ABSPATH' ) ) { + define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' ); +} require( ABSPATH . 'wp-settings.php' ); @@ -99,7 +99,7 @@ function setup_config_display_header( $body_classes = array() ) { -

- +

- + - + - + - + @@ -276,26 +276,44 @@ switch($step) { if ( ! empty( $wpdb->error ) ) wp_die( $wpdb->error->get_error_message() . $tryagain_link ); - // Fetch or generate keys and salts. - $no_api = isset( $_POST['noapi'] ); - if ( ! $no_api ) { - $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' ); + $wpdb->query( "SELECT $prefix" ); + if ( ! $wpdb->last_error ) { + // MySQL was able to parse the prefix as a value, which we don't want. Bail. + wp_die( __( 'ERROR: "Table Prefix" is invalid.' ) ); } - if ( $no_api || is_wp_error( $secret_keys ) ) { - $secret_keys = array(); + // Generate keys and salts using secure CSPRNG; fallback to API if enabled; further fallback to original wp_generate_password(). + try { + $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_ []{}<>~`+=,.;:/?|'; + $max = strlen($chars) - 1; for ( $i = 0; $i < 8; $i++ ) { - $secret_keys[] = wp_generate_password( 64, true, true ); + $key = ''; + for ( $j = 0; $j < 64; $j++ ) { + $key .= substr( $chars, random_int( 0, $max ), 1 ); + } + $secret_keys[] = $key; } - } else { - $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) ); - foreach ( $secret_keys as $k => $v ) { - $secret_keys[$k] = substr( $v, 28, 64 ); + } catch ( Exception $ex ) { + $no_api = isset( $_POST['noapi'] ); + + if ( ! $no_api ) { + $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' ); + } + + if ( $no_api || is_wp_error( $secret_keys ) ) { + $secret_keys = array(); + for ( $i = 0; $i < 8; $i++ ) { + $secret_keys[] = wp_generate_password( 64, true, true ); + } + } else { + $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) ); + foreach ( $secret_keys as $k => $v ) { + $secret_keys[$k] = substr( $v, 28, 64 ); + } } } $key = 0; - // Not a PHP5-style by-reference foreach, as this file must be parseable by PHP4. foreach ( $config_file as $line_num => $line ) { if ( '$table_prefix =' == substr( $line, 0, 16 ) ) { $config_file[ $line_num ] = '$table_prefix = \'' . addcslashes( $prefix, "\\'" ) . "';\r\n";