wp_trusted_keys()

查看官方原文 ↗

💡 云策文档标注

概述

wp_trusted_keys() 函数用于检索 WordPress 信任的签名密钥列表，返回一个 base64 编码的密钥数组。该函数主要用于文件签名验证，可通过 apply_filters() 钩子进行过滤。

关键要点

函数返回类型为 string[]，包含 base64 编码的签名密钥
支持 apply_filters('wp_trusted_keys', $trusted_keys) 钩子，允许开发者过滤信任的密钥
主要用于 verify_file_signature() 函数，验证文件的 ED25519 签名
自 WordPress 5.2.0 版本引入

📄 原文内容

Retrieves the list of signing keys trusted by WordPress.

Return

string[] Array of base64-encoded signing keys.

Source

function wp_trusted_keys() {
	$trusted_keys = array();

	if ( time() < 1617235200 ) {
		// WordPress.org Key #1 - This key is only valid before April 1st, 2021.
		$trusted_keys[] = 'fRPyrxb/MvVLbdsYi+OOEv4xc+Eqpsj+kkAS6gNOkI0=';
	}

	// TODO: Add key #2 with longer expiration.

	/**
	 * Filters the valid signing keys used to verify the contents of files.
	 *
	 * @since 5.2.0
	 *
	 * @param string[] $trusted_keys The trusted keys that may sign packages.
	 */
	return apply_filters( 'wp_trusted_keys', $trusted_keys );
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘wp_trusted_keys’, string[] $trusted_keys ): Filters the valid signing keys used to verify the contents of files.

Uses	Description
apply_filters()`wp-includes/plugin.php`	Calls the callback functions that have been added to a filter hook.

Used by	Description
verify_file_signature()`wp-admin/includes/file.php`	Verifies the contents of a file against its ED25519 signature.

Changelog

Version	Description
5.2.0	Introduced.

云策 WordPress 开发者社区

函数文档

wp_trusted_keys()

概述

关键要点

Return

Source

Hooks

Changelog

函数文档

概述

关键要点

Return

Source

Hooks

Related

Changelog