From: Chad Horohoe Date: Tue, 9 Nov 2010 16:51:08 +0000 (+0000) Subject: Followup r75392. Per IRC, we should generate a default $wgUpgradeKey (took a semi... X-Git-Tag: 1.31.0-rc.0~33962 X-Git-Url: http://git.cyclocoop.org/%28?a=commitdiff_plain;h=4ab439e59e916572ea71f8f6e32749ab993d2e6c;p=lhc%2Fweb%2Fwiklou.git Followup r75392. Per IRC, we should generate a default $wgUpgradeKey (took a semi-random part of an md5()'d $wgSecretKey) to hopefully encourage people from setting it to things like "abc." Leave it commented, so default behavior is still to keep the installer disabled --- diff --git a/includes/installer/CoreInstaller.php b/includes/installer/CoreInstaller.php index a9a2fa9d80..f91628095d 100644 --- a/includes/installer/CoreInstaller.php +++ b/includes/installer/CoreInstaller.php @@ -48,6 +48,7 @@ abstract class CoreInstaller extends Installer { 'wgShellLocale', 'wgSecretKey', 'wgUseInstantCommons', + 'wgUpgradeKey', ); /** @@ -307,6 +308,7 @@ abstract class CoreInstaller extends Installer { array( 'name' => 'tables', 'callback' => array( $this, 'installTables' ) ), array( 'name' => 'interwiki', 'callback' => array( $installer, 'populateInterwikiTable' ) ), array( 'name' => 'secretkey', 'callback' => array( $this, 'generateSecretKey' ) ), + array( 'name' => 'upgradekey', 'callback' => array( $this, 'generateUpgradeKey' ) ), array( 'name' => 'sysop', 'callback' => array( $this, 'createSysop' ) ), array( 'name' => 'mainpage', 'callback' => array( $this, 'createMainpage' ) ), ); @@ -396,6 +398,19 @@ abstract class CoreInstaller extends Installer { return $status; } + /** + * Generate a default $wgUpradeKey, using a semi-random 8 character portion + * of md5($wgSecretKey) + * + * @return Status + */ + protected function generateUpgradeKey() { + $secret = md5( $this->getVar( 'wgSecretKey' ) ); + $randPos = mt_rand( 0, strlen( $secret ) - 8 ); + $this->setVar( 'wgUpgradeKey', substr( $secret, $randPos, $randPos + 8 ) ); + return Status::newGood(); + } + /** * Create the first user account, grant it sysop and bureaucrat rights * diff --git a/includes/installer/Installer.i18n.php b/includes/installer/Installer.i18n.php index 7caaa3c180..b2d24d305b 100644 --- a/includes/installer/Installer.i18n.php +++ b/includes/installer/Installer.i18n.php @@ -474,6 +474,7 @@ Skipping default list.", 'config-install-secretkey' => 'Generating secret key', 'config-insecure-secretkey' => "'''Warning:''' Unable to create secure \$wgSecretKey. Consider changing it manually.", + 'config-install-upgradekey' => 'Generating default upgrade key', 'config-install-sysop' => 'Creating administrator user account', 'config-install-mainpage' => 'Creating main page with default content', 'config-install-mainpage-failed' => 'Could not insert main page.', diff --git a/includes/installer/LocalSettingsGenerator.php b/includes/installer/LocalSettingsGenerator.php index 14ef7021f9..820729dddb 100644 --- a/includes/installer/LocalSettingsGenerator.php +++ b/includes/installer/LocalSettingsGenerator.php @@ -45,7 +45,7 @@ class LocalSettingsGenerator { 'wgDBtype', 'wgSecretKey', 'wgRightsUrl', 'wgSitename', 'wgRightsIcon', 'wgRightsText', 'wgRightsCode', 'wgMainCacheType', 'wgEnableUploads', 'wgMainCacheType', '_MemCachedServers', 'wgDBserver', 'wgDBuser', - 'wgDBpassword', 'wgUseInstantCommons' + 'wgDBpassword', 'wgUseInstantCommons', 'wgUpgradeKey' ), $db->getGlobalNames() ); @@ -291,6 +291,10 @@ if ( \$wgCommandLineMode ) { \$wgSecretKey = \"{$this->values['wgSecretKey']}\"; +# Site upgrade key. Must be set to a string (default provided) to turn on the +# web installer while LocalSettings.php is in place +#\$wgUpgradeKey = \"{$this->values['wgUpgradeKey']}\"; + ## Default skin: you can change the default skin. Use the internal symbolic ## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector': \$wgDefaultSkin = 'vector';