Make WordPress Core

Opened 12 years ago

Closed 9 years ago

#20779 closed enhancement (fixed)

Recommend a user updates keys/salts in maint/repair.php

Reported by: nacin's profile nacin Owned by: chriscct7's profile chriscct7
Milestone: 4.3 Priority: normal
Severity: normal Version:
Component: Security Keywords: has-patch
Focuses: Cc:

Description

In maint/repair.php, we tell a user they need to add WP_ALLOW_REPAIR.

Since they are already going into wp-config.php, we should also encourage them to update their unique phrases for keys and salts, assuming they do not have a complete set of 8 unique ones already.

Attachments (2)

20779.diff (1.5 KB) - added by nacin 12 years ago.
20779.1.patch (1.6 KB) - added by chriscct7 9 years ago.

Download all attachments as: .zip

Change History (13)

@nacin
12 years ago

#1 @ryan
12 years ago

Looks good.

#2 @nacin
12 years ago

In [20953]:

Do not perform nonce checks in maint/repair.php.

If the options table is damaged and the keys/salts fall back to the database,
the nonce will never validate.

fixes #20780. see #20779.

#3 @westi
12 years ago

This is an excellent idea, patch looks great.

#4 @jkudish
12 years ago

  • Cc joachim.kudish@… added

@chriscct7
9 years ago

#5 @chriscct7
9 years ago

  • Keywords 3.5-early removed
  • Milestone changed from Future Release to 4.3
  • Owner set to chriscct7
  • Status changed from new to accepted

Refreshed patch to follow core formatting standards. This is a good idea. Let's get it in.

#6 @obenland
9 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 32830:

Recommend a user updates keys/salts in maint/repair.php.

Since they are already going into wp-config.php, we should also encourage
them to update their unique phrases for keys and salts, assuming they do not
have a complete set of 8 unique ones already.

Props nacin, chriscct7.
Fixes #20779.

#7 @nacin
9 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

I am not sure we should harass them about missing keys.

#8 @obenland
9 years ago

I still believe this is a good change. We could adjust the wording to be even less pushy, but I think it's reasonable to recommend updating them.

This ticket was mentioned in Slack in #core by helen. View the logs.


9 years ago

#10 @helen
9 years ago

I think it's fine to prod somebody who's here about the keys, but the string is a little bit harass-y. Maybe:

While you are editing your wp-config.php file, take a moment to make sure you have all 8 keys and that they are unique. You can generate these using the WordPress.org secret key service.

#11 @obenland
9 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 33026:

Improve the tone of key/salts recommendation message.

Also adds some inline comments to make it easier to understand how it
is determined whether to show the message or not.

Props helen.
Fixes #20779.

Note: See TracTickets for help on using tickets.