Remove nonces in maint/repair.php
|Reported by:||nacin||Owned by:||nacin|
|Severity:||major||Keywords:||has-patch dev-reviewed, commit|
Since salts (and now keys) fall back to the database, a user with an options table down for the count often won't be able to repair the database. That's because maint/repair.php has nonce checks.
I chatted with ryan about this, and he confirmed that there definitely should not be nonces here.
A friend of mine just ran into this. Luckily I knew exactly why he was seeing "Please try again" over and over again, but most users do not have core developers as neighbors.
See also #20779, where we can encourage extra security on maint/repair.php by seeing if they actually have a complete set of keys in place.