Timestamp:
08/17/2009 01:37:38 AM (16 years ago)
Author:
sambauers
Message:

Use a blank key instead of the default string when no KEY constant is specified in bb_salt() and friends. Fixed in a different way, but props to bobrik for report and initial patch. Fixes #1180

File:
1 edited

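--- a/trunk/bb-includes/functions.bb-pluggable.php
+++ b/trunk/bb-includes/functions.bb-pluggable.php
@@ -369,18 +369,17 @@
 endif;
 
-function _bb_get_key( $key, $default_key = false ) {
-    if ( !$default_key ) {
-        global $bb_default_secret_key;
-        $default_key = $bb_default_secret_key;
-    }
-
-    if ( defined( $key ) && '' != constant( $key ) && $default_key != constant( $key ) ) {
+function _bb_get_key( $key, $default_key = false )
+{
+    global $bb_default_secret_key;
+
+    if ( defined( $key ) && '' != constant( $key ) && $bb_default_secret_key != constant( $key ) ) {
         return constant( $key );
     }
 
-    return $default_key;
-}
-
-function _bb_get_salt( $constants, $option = false ) {
+    return '';
+}
+
+function _bb_get_salt( $constants, $option = false )
+{
     if ( !is_array( $constants ) ) {
         $constants = array( $constants );
@@ -399,5 +398,5 @@
         $salt = bb_get_option( $option );
         if ( empty( $salt ) ) {
-            $salt = bb_generate_password();
+            $salt = bb_generate_password( 64 );
             bb_update_option( $option, $salt );
         }
@@ -420,25 +419,27 @@
  * @return string Salt value for the given scheme
  */
-function bb_salt($scheme = 'auth') {
+function bb_salt( $scheme = 'auth' )
+{
+    // Deprecated
     $secret_key = _bb_get_key( 'BB_SECRET_KEY' );
 
     switch ($scheme) {
         case 'auth':
-            $secret_key = _bb_get_key( 'BB_AUTH_KEY', $secret_key );
+            $secret_key = _bb_get_key( 'BB_AUTH_KEY' );
             $salt = _bb_get_salt( array( 'BB_AUTH_SALT', 'BB_SECRET_SALT' ) );
             break;
 
         case 'secure_auth':
-            $secret_key = _bb_get_key( 'BB_SECURE_AUTH_KEY', $secret_key );
+            $secret_key = _bb_get_key( 'BB_SECURE_AUTH_KEY' );
             $salt = _bb_get_salt( 'BB_SECURE_AUTH_SALT' );
             break;
 
         case 'logged_in':
-            $secret_key = _bb_get_key( 'BB_LOGGED_IN_KEY', $secret_key );
+            $secret_key = _bb_get_key( 'BB_LOGGED_IN_KEY' );
             $salt = _bb_get_salt( 'BB_LOGGED_IN_SALT' );
             break;
 
         case 'nonce':
-            $secret_key = _bb_get_key( 'BB_NONCE_KEY', $secret_key );
+            $secret_key = _bb_get_key( 'BB_NONCE_KEY' );
             $salt = _bb_get_salt( 'BB_NONCE_SALT' );
             break;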
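Review bot: In bb_salt(), every visible `case` now assigns `$secret_key = _bb_get_key( 'BB_..._KEY' );` without the old second argument, and `_bb_get_key()` returns `''` when the constant is missing, so the `BB_SECRET_KEY` value read under `// Deprecated` is thrown away for the auth, secure_auth, logged_in and nonce schemes. A site that defines only the legacy `BB_SECRET_KEY` would then hash with an empty key, leaving the salt stored via `bb_update_option()` as the only secret; how key and salt are combined is outside this hunk, so that part is inferred. Keeping the fallback costs one line per case, e.g. `if ( $k = _bb_get_key( 'BB_AUTH_KEY' ) ) $secret_key = $k;`. `_bb_get_key()` also still declares `$default_key` but no longer reads it; drop the parameter or add a docblock line such as `@param mixed $default_key Unused, kept for backward compatibility`. bb_salt()'s body continues past the end of the hunk.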