[wp-trac] [WordPress Trac] #19599: Localizations should not need to worry about the default secret key

WordPress Trac wp-trac at lists.automattic.com
Fri Jan 27 17:58:29 UTC 2012


#19599: Localizations should not need to worry about the default secret key
----------------------------+------------------
 Reporter:  nacin           |       Owner:
     Type:  task (blessed)  |      Status:  new
 Priority:  normal          |   Milestone:  3.4
Component:  I18N            |     Version:
 Severity:  normal          |  Resolution:
 Keywords:  has-patch       |
----------------------------+------------------

Comment (by nacin):

 [attachment:19599.2.diff] rewrites wp_salt().

  1. DB fallback is provided for the eight main keys and salts, and also
 SECRET_KEY, since it is used for custom schemes.

  2. If any two keys or salts match in value, the fallback is triggered.

  3. If any key or salt matches 'put your unique phrase here', the fallback
 is triggered.

 Now, local builds. We want to eliminate the need for $locale.php files, so
 we want to avoid $wp_default_secret_key. Additionally, #14024 has caused
 translators to instead override default-constants.php. This is even less
 desirable.

 Point 2 ensures that a localized 'put your unique phrase here' only works
 if the value is used exactly once — say, if the other 7 are properly
 unique. However, it could also be that the only one defined is SECRET_KEY
 (perhaps the install started with 2.5), and either way, we should try to
 mitigate this.

 So, Point 4: For 3.4 localized builds, we will append
 $wp_secret_key_default to version.php, the same way we append
 $wp_local_package to version.php. We will use this variable to ensure that
 for all fresh local installs of 3.4 or higher will end up covered.

 For installs prior to 3.4, we cannot use the existing
 $wp_default_secret_key, as otherwise we will re-introduce #14024. again,
 point 2 is strong enough to mitigate any issues.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19599#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list