#3901 closed defect (bug) (wontfix)
Version Database updater displays to any user, not just administrators
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | Administration | Version: | 2.1.1 |
| Severity: | normal | Keywords: | needs-patch |
| Cc: | | | |
Description
When an upgrade to WordPress has been performed, and wp-admin/ is visited, any visitor, not just logged-in users, can initiate the update process. Simultaneous upgrades could cause problems.
Change History (7)
comment:1
JeremyVisser — 6 years ago
- Priority changed from normal to high
- Severity changed from critical to normal
comment:2
markjaquith — 6 years ago
Asking for a login won't guarantee non-simultaneous upgrades. We'd need some sort of mutex scheme.
Seems an edge case, though... there's a limited window for simultaneous upgrades, and most upgrade functions should be safe to run more than once. If they aren't, they should be rewritten.
Can't we somehow leverage the wp-cron for this, because it already contains logic against contention (see [4509])?
- Keywords needs-patch added
- Milestone changed from 2.3 (trunk) to 2.4 (future)
- Milestone changed from 2.5 to 2.6
This needs serious thought before changing - if we want to avoid the concurrency then we need to have a mutex of some sort and lots of testing.
Moving out of this release.
- Resolution set to wontfix
- Status changed from new to closed
This appears to have lost traction. And appears to be a moot point.

+1. I have worried about this in the past, as well. Simple solution is to ask the user to log in first.
In fact, occasionally when I have come across someone's blog and I see some database errors being ejected into the sidebar, etc., I have gone into /wp-admin/ just to check to see if there's an update pending, and done it for them. ;)
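
The two controls this thread distinguishes, a login check (who may start the upgrade) and a mutex (how many runs at once), sketched as an added example; it is not WordPress code and not from the ticket. The SQLite options table, the names `upgrade_lock`, `handle_upgrade` and `LOCK_TTL`, and the version numbers are assumptions made for illustration.

```python
import sqlite3
import time

TARGET_VERSION = 2   # constructed: schema version shipped with the new code
LOCK_TTL = 300       # seconds before a lock left by a crashed run is stale

def open_site():
    """In-memory stand-in for a site's options table (constructed)."""
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE options (name TEXT PRIMARY KEY, value TEXT)")
    db.execute("INSERT INTO options VALUES ('db_version', '1')")
    return db

def acquire_lock(db, now):
    """Atomic mutex: the primary key lets exactly one INSERT succeed."""
    db.execute("DELETE FROM options WHERE name='upgrade_lock' "
               "AND CAST(value AS REAL) < ?", (now - LOCK_TTL,))
    cur = db.execute("INSERT OR IGNORE INTO options VALUES ('upgrade_lock', ?)",
                     (str(now),))
    return cur.rowcount == 1

def release_lock(db):
    db.execute("DELETE FROM options WHERE name='upgrade_lock'")

def db_version(db):
    row = db.execute("SELECT value FROM options WHERE name='db_version'").fetchone()
    return int(row[0])

def apply_steps(db):
    """Upgrade step written to be safe to run more than once."""
    db.execute("CREATE TABLE IF NOT EXISTS links (id INTEGER PRIMARY KEY)")
    db.execute("UPDATE options SET value=? WHERE name='db_version'",
               (str(TARGET_VERSION),))

def handle_upgrade(db, is_admin, now=None, steps=apply_steps):
    """Returns 'denied', 'locked', 'current' or 'upgraded'."""
    now = time.time() if now is None else now
    if not is_admin:                  # authorization: who may start it
        return "denied"
    if not acquire_lock(db, now):     # mutual exclusion: one run at a time
        return "locked"
    try:
        if db_version(db) >= TARGET_VERSION:   # re-check under the lock
            return "current"
        steps(db)
        return "upgraded"
    finally:
        release_lock(db)
```

The `steps` parameter exists so a second request can be injected while the first still holds the lock; the stale-lock cleanup keeps a crashed run from blocking upgrades forever.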