[wp-trac] [WordPress Trac] #16623: Authentication Unique Keys and Salts broke wp-config.
WordPress Trac
wp-trac at lists.automattic.com
Thu Feb 24 02:57:56 UTC 2011
#16623: Authentication Unique Keys and Salts broke wp-config.
--------------------------------+----------------------------
Reporter: christopherross | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: WordPress.org
Component: WordPress.org site | Version: 3.0
Severity: normal | Resolution:
Keywords: |
--------------------------------+----------------------------
Comment (by sivel):
During the install, if wp_remote_get cannot fetch the keys, it will fall
back to using wp_generate_password:
{{{
wp_generate_password( 64, true, true );
}}}
wp_generate_password() does not however, generate backslashes (\).
Possible characters are:
{{{
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
}}}
{{{
!@#$%^&*()
}}}
{{{
-_ []{}<>~`+=,.;:/?|
}}}
When I initially wrote the patch to add in the extra chars for this
specific use I ran 100 tests against the APIs to find what characters it
used, which is where this list has come from. But as mentioned it does
not include any backslashes as shown in this bug report.
Are mu-plugins included during the install process, if they exist? Would
be strange to have one there before install, but it may be possible for
wp_generate_password() to be override since it is in pluggable.php.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16623#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list