[wp-trac] [WordPress Trac] #19599: Localizations should not need to worry about the default secret key
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 27 17:58:29 UTC 2012
#19599: Localizations should not need to worry about the default secret key
----------------------------+------------------
Reporter: nacin | Owner:
Type: task (blessed) | Status: new
Priority: normal | Milestone: 3.4
Component: I18N | Version:
Severity: normal | Resolution:
Keywords: has-patch |
----------------------------+------------------
Comment (by nacin):
[attachment:19599.2.diff] rewrites wp_salt().
1. DB fallback is provided for the eight main keys and salts, and also
SECRET_KEY, since it is used for custom schemes.
2. If any two keys or salts match in value, the fallback is triggered.
3. If any key or salt matches 'put your unique phrase here', the fallback
is triggered.
Now, local builds. We want to eliminate the need for $locale.php files, so
we want to avoid $wp_default_secret_key. Additionally, #14024 has caused
translators to instead override default-constants.php. This is even less
desirable.
Point 2 ensures that a localized 'put your unique phrase here' only works
if the value is used exactly once — say, if the other 7 are properly
unique. However, it could also be that the only one defined is SECRET_KEY
(perhaps the install started with 2.5), and either way, we should try to
mitigate this.
So, Point 4: For 3.4 localized builds, we will append
$wp_secret_key_default to version.php, the same way we append
$wp_local_package to version.php. We will use this variable to ensure that
for all fresh local installs of 3.4 or higher will end up covered.
For installs prior to 3.4, we cannot use the existing
$wp_default_secret_key, as otherwise we will re-introduce #14024. again,
point 2 is strong enough to mitigate any issues.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19599#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list