WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
02/11/2025 11:12:03 AM (3 months ago)
Author:
johnbillion
Message:

Security: Explicitly require the hash PHP extension and add requirement checks during installation and upgrade.

This extension provides the hash() function and support for the SHA-256 algorithm, both of which are required for upcoming security related changes. This extension is almost universally enabled, however it is technically possible to disable it on PHP 7.2 and 7.3, hence the introduction of this requirement and the corresponding requirement checks prior to installing or upgrading WordPress.

Props peterwilsoncc, ayeshrajans, dd32, SergeyBiryukov, johnbillion.

Fixes #60638, #62815, #56017

See #21022

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/version.php

    r59275 r59803  
    4141
    4242/**
     43 * Holds the names of required PHP extensions.
     44 *
     45 * @global string[] $required_php_extensions
     46 */
     47$required_php_extensions = array(
     48    'json',
     49    'hash',
     50);
     51
     52/**
    4353 * Holds the required MySQL version.
    4454 *
Note: See TracChangeset for help on using the changeset viewer.