r76393 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r76392‎ | r76393 | r76394 >
Date:17:01, 9 November 2010
Author:demon
Status:reverted (Comments)
Tags:
Comment:
Followup r76391 per CR: just do $wgUpgradeKey in generateSecretKey()
Modified paths:
  • /trunk/phase3/includes/installer/CoreInstaller.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/installer/CoreInstaller.php
@@ -308,7 +308,6 @@
309309 array( 'name' => 'tables', 'callback' => array( $this, 'installTables' ) ),
310310 array( 'name' => 'interwiki', 'callback' => array( $installer, 'populateInterwikiTable' ) ),
311311 array( 'name' => 'secretkey', 'callback' => array( $this, 'generateSecretKey' ) ),
312 - array( 'name' => 'upgradekey', 'callback' => array( $this, 'generateUpgradeKey' ) ),
313312 array( 'name' => 'sysop', 'callback' => array( $this, 'createSysop' ) ),
314313 array( 'name' => 'mainpage', 'callback' => array( $this, 'createMainpage' ) ),
315314 );
@@ -395,23 +394,15 @@
396395
397396 $this->setVar( 'wgSecretKey', $secretKey );
398397
 398+ // Generate a $wgUpgradeKey from our secret key
 399+ $secretKey = md5( $secretKey );
 400+ $randPos = mt_rand( 0, strlen( $secretKey ) - 8 );
 401+ $this->setVar( 'wgUpgradeKey', substr( $secretKey, $randPos, $randPos + 8 ) );
 402+
399403 return $status;
400404 }
401405
402406 /**
403 - * Generate a default $wgUpradeKey, using a semi-random 8 character portion
404 - * of md5($wgSecretKey)
405 - *
406 - * @return Status
407 - */
408 - protected function generateUpgradeKey() {
409 - $secret = md5( $this->getVar( 'wgSecretKey' ) );
410 - $randPos = mt_rand( 0, strlen( $secret ) - 8 );
411 - $this->setVar( 'wgUpgradeKey', substr( $secret, $randPos, $randPos + 8 ) );
412 - return Status::newGood();
413 - }
414 -
415 - /**
416407 * Create the first user account, grant it sysop and bureaucrat rights
417408 *
418409 * @return Status

Follow-up revisions

RevisionCommit summaryAuthorDate
r76394Followup r76391, r76393, rm unused msgdemon17:02, 9 November 2010
r76806Revert r76393 and make $wgUpgradeKey like $wgSecretKey. Followup for r76391platonides16:16, 16 November 2010

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r76391Followup r75392. Per IRC, we should generate a default $wgUpgradeKey (took a ...demon16:51, 9 November 2010

Comments

#Comment by Platonides (talk | contribs)   00:06, 11 November 2010

Sorry, that's not what I meant in r76393.

I expected for $wgUpgradeKey to open /dev/urandom, else go into mt_rand()... ie. the same thing that generateSecretKey() does, not deriving from $wgSecretKey.

I thought in doing two generateSecretKey() calls (one for $wgSecretKey and the other for $wgUpgradeKey), not moving the same code there.

Status & tagging log