WordPress.org

Make WordPress Core

Changeset 20953


Ignore:
Timestamp:
05/30/12 16:22:53 (3 years ago)
Author:
nacin
Message:

Do not perform nonce checks in maint/repair.php.

If the options table is damaged and the keys/salts fall back to the database,
the nonce will never validate.

fixes #20780. see #20779.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/maint/repair.php

    r19937 r20953  
    2727    echo '<p>' . __( 'To allow use of this page to automatically repair database problems, please add the following line to your <code>wp-config.php</code> file. Once this line is added to your config, reload this page.' ) . "</p><code>define('WP_ALLOW_REPAIR', true);</code>"; 
    2828} elseif ( isset( $_GET['repair'] ) ) { 
    29     check_admin_referer( 'repair_db' ); 
    30  
    3129    $optimize = 2 == $_GET['repair']; 
    3230    $okay = true; 
     
    105103        echo '<p>' . __( 'WordPress can automatically look for some common database problems and repair them. Repairing can take a while, so please be patient.' ) . '</p>'; 
    106104?> 
    107     <p class="step"><a class="button" href="<?php echo wp_nonce_url( 'repair.php?repair=1', 'repair_db' ); ?>"><?php _e( 'Repair Database' ); ?></a></p> 
     105    <p class="step"><a class="button" href="repair.php?repair=1"><?php _e( 'Repair Database' ); ?></a></p> 
    108106    <p><?php _e( 'WordPress can also attempt to optimize the database. This improves performance in some situations. Repairing and optimizing the database can take a long time and the database will be locked while optimizing.' ); ?></p> 
    109     <p class="step"><a class="button" href="<?php echo wp_nonce_url( 'repair.php?repair=2', 'repair_db' ); ?>"><?php _e( 'Repair and Optimize Database' ); ?></a></p> 
     107    <p class="step"><a class="button" href="repair.php?repair=2"><?php _e( 'Repair and Optimize Database' ); ?></a></p> 
    110108<?php 
    111109} 
Note: See TracChangeset for help on using the changeset viewer.