From eea386564ae7e27cf89118c6780d6712d8e764c8 Mon Sep 17 00:00:00 2001 From: Platonides Date: Tue, 16 Nov 2010 16:16:09 +0000 Subject: [PATCH] Revert r76393 and make $wgUpgradeKey like $wgSecretKey. Followup for r76391 --- includes/installer/CoreInstaller.php | 30 ++++++++++++++++++++------- includes/installer/Installer.i18n.php | 2 +- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/includes/installer/CoreInstaller.php b/includes/installer/CoreInstaller.php index 861409ae7d..acdef848b0 100644 --- a/includes/installer/CoreInstaller.php +++ b/includes/installer/CoreInstaller.php @@ -308,6 +308,7 @@ abstract class CoreInstaller extends Installer { array( 'name' => 'tables', 'callback' => array( $this, 'installTables' ) ), array( 'name' => 'interwiki', 'callback' => array( $installer, 'populateInterwikiTable' ) ), array( 'name' => 'secretkey', 'callback' => array( $this, 'generateSecretKey' ) ), + array( 'name' => 'upgradekey', 'callback' => array( $this, 'generateUpgradeKey' ) ), array( 'name' => 'sysop', 'callback' => array( $this, 'createSysop' ) ), array( 'name' => 'mainpage', 'callback' => array( $this, 'createMainpage' ) ), ); @@ -369,6 +370,16 @@ abstract class CoreInstaller extends Installer { * @return Status */ protected function generateSecretKey() { + return $this->generateSecret( 'wgSecretKey' ); + } + + /** + * Generate a secret value for a variable using either + * /dev/urandom or mt_rand() Produce a warning in the later case. + * + * @return Status + */ + protected function generateSecret( $secretName ) { if ( wfIsWindows() ) { $file = null; } else { @@ -389,19 +400,24 @@ abstract class CoreInstaller extends Installer { $secretKey .= dechex( mt_rand( 0, 0x7fffffff ) ); } - $status->warning( 'config-insecure-secretkey' ); + $status->warning( 'config-insecure-secret', '$' . $secretName ); } - $this->setVar( 'wgSecretKey', $secretKey ); - - // Generate a $wgUpgradeKey from our secret key - $secretKey = md5( $secretKey ); - $randPos = mt_rand( 0, strlen( $secretKey ) - 8 ); - $this->setVar( 'wgUpgradeKey', substr( $secretKey, $randPos, $randPos + 8 ) ); + $this->setVar( $secretName, $secretKey ); return $status; } + /** + * Generate a default $wgUpradeKey, Will warn if we had to use + * mt_rand() instead of /dev/urandom + * + * @return Status + */ + protected function generateUpgradeKey() { + return $this->generateSecret( 'wgUpgradeKey' ); + } + /** * Create the first user account, grant it sysop and bureaucrat rights * diff --git a/includes/installer/Installer.i18n.php b/includes/installer/Installer.i18n.php index a74dd03039..502495fe0b 100644 --- a/includes/installer/Installer.i18n.php +++ b/includes/installer/Installer.i18n.php @@ -475,7 +475,7 @@ Skipping creation.", 'config-install-interwiki-exists' => "'''Warning''': The interwiki table seems to already have entries. Skipping default list.", 'config-install-secretkey' => 'Generating secret key', - 'config-insecure-secretkey' => "'''Warning:''' Unable to create secure \$wgSecretKey. + 'config-insecure-secret' => "'''Warning:''' Unable to create a secure $1. Consider changing it manually.", 'config-install-sysop' => 'Creating administrator user account', 'config-install-mainpage' => 'Creating main page with default content', -- 2.20.1