r63209 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r63208‎ \| r63209 \| r63210 >
Date:	17:00, 3 March 2010
Author:	demon
Status:	ok (Comments)
Tags:
Comment:	Generate secret key, warn if insecure
Modified paths:	/branches/new-installer/phase3/includes/installer/Installer.php (modified) (history) /branches/new-installer/phase3/includes/installer/WebInstaller.php (modified) (history) /branches/new-installer/phase3/languages/messages/MessagesEn.php (modified) (history) /branches/new-installer/phase3/maintenance/language/messages.inc (modified) (history)

Diff [purge]

Index: branches/new-installer/phase3/maintenance/language/messages.inc
—	—	@@ -3340,6 +3340,8 @@
3341	3341	'config-install-database',
3342	3342	'config-install-schema',
3343	3343	'config-install-tables',
	3344	+ 'config-install-secretkey',
	3345	+ 'config-insecure-secretkey',
3344	3346	'config-install-user',
3345	3347	'config-install-localsettings',
3346	3348	),
Index: branches/new-installer/phase3/includes/installer/WebInstaller.php
—	—	@@ -1481,6 +1481,21 @@
1482	1482	}
1483	1483	$this->endStage();
1484	1484
	1485	+ $this->startStage( 'config-install-secretkey' );
	1486	+ $file = @fopen( "/dev/urandom", "r" );
	1487	+ if ( $file ) {
	1488	+ $secretKey = bin2hex( fread( $file, 32 ) );
	1489	+ fclose( $file );
	1490	+ $this->endStage();
	1491	+ } else {
	1492	+ $secretKey = "";
	1493	+ for ( $i=0; $i<8; $i++ ) {
	1494	+ $secretKey .= dechex(mt_rand(0, 0x7fffffff));
	1495	+ }
	1496	+ $this->parent->output->addHTML( wfMsgHtml( 'config-insecure-secretkey' ) . "</li>\n" );
	1497	+ }
	1498	+ $this->setVar( 'wgSecretKey', $secretKey );
	1499	+
1485	1500	// @TODO Write LocalSettings, create admin account
1486	1501	}
1487	1502
Index: branches/new-installer/phase3/includes/installer/Installer.php
—	—	@@ -36,7 +36,8 @@
37	37	// 'wgDeletedDirectory',
38	38	'wgEnableUploads',
39	39	'wgLogo',
40		~~- 'wgShellLocale'~~
	40	+ 'wgShellLocale',
	41	+ 'wgSecretKey',
41	42	);
42	43
43	44	/**
Index: branches/new-installer/phase3/languages/messages/MessagesEn.php
—	—	@@ -4433,6 +4433,8 @@
4434	4434	'config-install-database' => 'Setting up database',
4435	4435	'config-install-schema' => 'Generating schema',
4436	4436	'config-install-tables' => 'Creating tables',
	4437	+'config-install-secretkey' => 'Generating secret key',
	4438	+'config-insecure-secretkey' => 'Warning: $wgSecretKey key is insecure, generated with mt_rand(), consider changing it manually',
4437	4439	'config-install-user' => 'Creating admin user',
4438	4440	'config-install-localsettings' => 'Writing LocalSettings.php',
4439	4441

Follow-up revisions

Revision	Commit summary	Author	Date
r68761	Fix error suppression from r63209.	tstarling	05:30, 30 June 2010

Comments

#Comment by Nikerabbit (talk | contribs) 09:15, 4 March 2010

+$file = @fopen( "/dev/urandom", "r" );

Isn't @ frowned upon?

+$this->parent->output->addHTML( wfMsgHtml( 'config-insecure-secretkey' ) . "\n" ); That looks very error-prone interface, I mean addign the li here manually. I'm also pretty sure that someone will want to add markup to this message, for example surround the function name with <tt> or something. (Any idea why the second pasted line doesn't get the usual pre styling, even when it is prefixed with empty space?)

#Comment by Tim Starling (talk | contribs) 05:32, 30 June 2010

Fixed error suppression in r68761. The message output style is the subject of a fixme comment on r65860.

Status & tagging log

05:32, 30 June 2010 Tim Starling (talk | contribs) changed the status of r63209 [removed: new added: ok]