r76806 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r76805‎ | r76806 | r76807 >
Date:16:16, 16 November 2010
Author:platonides
Status:resolved (Comments)
Tags:
Comment:
Revert r76393 and make $wgUpgradeKey like $wgSecretKey. Followup for r76391
Modified paths:
  • /trunk/phase3/includes/installer/CoreInstaller.php (modified) (history)
  • /trunk/phase3/includes/installer/Installer.i18n.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/installer/CoreInstaller.php
@@ -308,6 +308,7 @@
309309 array( 'name' => 'tables', 'callback' => array( $this, 'installTables' ) ),
310310 array( 'name' => 'interwiki', 'callback' => array( $installer, 'populateInterwikiTable' ) ),
311311 array( 'name' => 'secretkey', 'callback' => array( $this, 'generateSecretKey' ) ),
 312+ array( 'name' => 'upgradekey', 'callback' => array( $this, 'generateUpgradeKey' ) ),
312313 array( 'name' => 'sysop', 'callback' => array( $this, 'createSysop' ) ),
313314 array( 'name' => 'mainpage', 'callback' => array( $this, 'createMainpage' ) ),
314315 );
@@ -369,6 +370,16 @@
370371 * @return Status
371372 */
372373 protected function generateSecretKey() {
 374+ return $this->generateSecret( 'wgSecretKey' );
 375+ }
 376+
 377+ /**
 378+ * Generate a secret value for a variable using either
 379+ * /dev/urandom or mt_rand() Produce a warning in the later case.
 380+ *
 381+ * @return Status
 382+ */
 383+ protected function generateSecret( $secretName ) {
373384 if ( wfIsWindows() ) {
374385 $file = null;
375386 } else {
@@ -389,20 +400,25 @@
390401 $secretKey .= dechex( mt_rand( 0, 0x7fffffff ) );
391402 }
392403
393 - $status->warning( 'config-insecure-secretkey' );
 404+ $status->warning( 'config-insecure-secret', '$' . $secretName );
394405 }
395406
396 - $this->setVar( 'wgSecretKey', $secretKey );
 407+ $this->setVar( $secretName, $secretKey );
397408
398 - // Generate a $wgUpgradeKey from our secret key
399 - $secretKey = md5( $secretKey );
400 - $randPos = mt_rand( 0, strlen( $secretKey ) - 8 );
401 - $this->setVar( 'wgUpgradeKey', substr( $secretKey, $randPos, $randPos + 8 ) );
402 -
403409 return $status;
404410 }
405411
406412 /**
 413+ * Generate a default $wgUpradeKey, Will warn if we had to use
 414+ * mt_rand() instead of /dev/urandom
 415+ *
 416+ * @return Status
 417+ */
 418+ protected function generateUpgradeKey() {
 419+ return $this->generateSecret( 'wgUpgradeKey' );
 420+ }
 421+
 422+ /**
407423 * Create the first user account, grant it sysop and bureaucrat rights
408424 *
409425 * @return Status
Index: trunk/phase3/includes/installer/Installer.i18n.php
@@ -475,7 +475,7 @@
476476 'config-install-interwiki-exists' => "'''Warning''': The interwiki table seems to already have entries.
477477 Skipping default list.",
478478 'config-install-secretkey' => 'Generating secret key',
479 - 'config-insecure-secretkey' => "'''Warning:''' Unable to create secure <code>\$wgSecretKey</code>.
 479+ 'config-insecure-secret' => "'''Warning:''' Unable to create a secure <code>$1</code>.
480480 Consider changing it manually.",
481481 'config-install-sysop' => 'Creating administrator user account',
482482 'config-install-mainpage' => 'Creating main page with default content',

Follow-up revisions

RevisionCommit summaryAuthorDate
r77058Revert r76394 after r76806 and document in getInstallSteps() the existance of...platonides15:19, 20 November 2010

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r76391Followup r75392. Per IRC, we should generate a default $wgUpgradeKey (took a ...demon16:51, 9 November 2010
r76393Followup r76391 per CR: just do $wgUpgradeKey in generateSecretKey()demon17:01, 9 November 2010

Comments

#Comment by MarkAHershberger (talk | contribs)   15:27, 18 November 2010
+			array( 'name' => 'upgradekey', 'callback' => array( $this, 'generateUpgradeKey' ) ),

You forgot to revert r76394.

#Comment by Platonides (talk | contribs)   15:20, 20 November 2010

Done in 77058.

Status & tagging log