WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
02/11/2025 11:12:03 AM (2 months ago)
Author:
johnbillion
Message:

Security: Explicitly require the hash PHP extension and add requirement checks during installation and upgrade.

This extension provides the hash() function and support for the SHA-256 algorithm, both of which are required for upcoming security related changes. This extension is almost universally enabled, however it is technically possible to disable it on PHP 7.2 and 7.3, hence the introduction of this requirement and the corresponding requirement checks prior to installing or upgrading WordPress.

Props peterwilsoncc, ayeshrajans, dd32, SergeyBiryukov, johnbillion.

Fixes #60638, #62815, #56017

See #21022

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-settings.php

    r59670 r59803  
    2323 * these values if already set.
    2424 *
    25  * @global string $wp_version             The WordPress version string.
    26  * @global int    $wp_db_version          WordPress database version.
    27  * @global string $tinymce_version        TinyMCE version.
    28  * @global string $required_php_version   The required PHP version string.
    29  * @global string $required_mysql_version The required MySQL version string.
    30  * @global string $wp_local_package       Locale code of the package.
    31  */
    32 global $wp_version, $wp_db_version, $tinymce_version, $required_php_version, $required_mysql_version, $wp_local_package;
     25 * @global string   $wp_version              The WordPress version string.
     26 * @global int      $wp_db_version           WordPress database version.
     27 * @global string   $tinymce_version         TinyMCE version.
     28 * @global string   $required_php_version    The required PHP version string.
     29 * @global string[] $required_php_extensions The names of required PHP extensions.
     30 * @global string   $required_mysql_version  The required MySQL version string.
     31 * @global string   $wp_local_package        Locale code of the package.
     32 */
     33global $wp_version, $wp_db_version, $tinymce_version, $required_php_version, $required_php_extensions, $required_mysql_version, $wp_local_package;
    3334require ABSPATH . WPINC . '/version.php';
    3435require ABSPATH . WPINC . '/compat.php';
Note: See TracChangeset for help on using the changeset viewer.