[wp-trac] [WordPress Trac] #55937: Salting functions: translate the phrase `put your unique phrase here`.
WordPress Trac
noreply at wordpress.org
Tue Jun 7 00:42:27 UTC 2022
#55937: Salting functions: translate the phrase `put your unique phrase here`.
---------------------------+--------------------
Reporter: peterwilsoncc | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 6.1
Component: Security | Version:
Severity: normal | Keywords:
Focuses: |
---------------------------+--------------------
Please note: this was discussed by the security team and agreed to be
suitable as a public hardening ticket.

In `wp_salt()` WordPress pre-populates the check for duplicate salt values
with the default `put your unique phrase here`. As the `wp-config.php`
file for non-USA-English can be translated in downloaded packages, a
translated version of this phrase ought to be in the pre-populated
duplicate values array too.

I suggest the pre-populated array be set as follows to account for
situations in which the default (English) file is used for a translated
package:
{{{#!php
<?php
$duplicated_keys = array(
    'put your unique phrase here'       => true,
    __( 'put your unique phrase here' ) => true,
);
}}}
----
It's almost certain that non-English sites failing to change the default
values will have them picked up by WordPress as duplicates and replaced
with a random key. This is why this can be a public ticket.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55937>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
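
The duplicate check described in the ticket, as an added example that is not part of the original ticket and is not WordPress core code: it shows why a single constant left at a translated default slips past an English-only pre-populated array. The function name `find_unusable_salts()`, the translated phrase and the sample values are assumptions constructed for illustration.

```php
<?php
// Added illustration, not WordPress core code; function and sample names are hypothetical.

/**
 * Names of keys/salts that must not be used as configured: the value equals a
 * known placeholder phrase, is empty, or is shared by more than one constant.
 */
function find_unusable_salts( array $configured, array $placeholders ): array {
    // Pre-populating with true makes a single use of a placeholder count as a duplicate.
    $duplicated = array_fill_keys( $placeholders, true );
    foreach ( $configured as $value ) {
        // First sighting stores false; a repeat (or a placeholder) stores true.
        $duplicated[ $value ] = isset( $duplicated[ $value ] );
    }

    $unusable = array();
    foreach ( $configured as $name => $value ) {
        if ( '' === $value || $duplicated[ $value ] ) {
            $unusable[] = $name;
        }
    }
    return $unusable;
}

// Constructed sample data. The second phrase stands in for a localized default;
// in WordPress it would come from __( 'put your unique phrase here' ).
$english    = 'put your unique phrase here';
$translated = 'constructed translated placeholder phrase';
$configured = array(
    'AUTH_KEY'        => $translated,            // only constant left at the localized default
    'SECURE_AUTH_KEY' => $english,               // left at the English default
    'LOGGED_IN_KEY'   => 'constructed-sample-a',
    'NONCE_KEY'       => 'constructed-sample-a', // copy of LOGGED_IN_KEY
    'AUTH_SALT'       => 'constructed-sample-b', // unique, usable
);

// English-only pre-population misses AUTH_KEY, because its value appears only once.
echo implode( ', ', find_unusable_salts( $configured, array( $english ) ) ), "\n";

// With the translated phrase pre-populated as well, AUTH_KEY is flagged too.
$unusable = find_unusable_salts( $configured, array( $english, $translated ) );
echo implode( ', ', $unusable ), "\n";

// Flagged values get fresh randomness instead of the configured string.
foreach ( $unusable as $name ) {
    $configured[ $name ] = bin2hex( random_bytes( 32 ) );
}
```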