WordPress.org

Make WordPress Core

Opened 23 months ago

Last modified 22 months ago

#20779 new enhancement

Recommend a user updates keys/salts in maint/repair.php

Reported by: nacin Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Security Keywords: has-patch 3.5-early
Focuses: Cc:

Description

In maint/repair.php, we tell a user they need to add WP_ALLOW_REPAIR.

Since they are already going into wp-config.php, we should also encourage them to update their unique phrases for keys and salts, assuming they do not have a complete set of 8 unique ones already.

Attachments (1)

20779.diff (1.5 KB) - added by nacin 23 months ago.

Download all attachments as: .zip

Change History (5)

nacin23 months ago

comment:1 ryan23 months ago

Looks good.

comment:2 nacin23 months ago

In [20953]:

Do not perform nonce checks in maint/repair.php.

If the options table is damaged and the keys/salts fall back to the database,
the nonce will never validate.

fixes #20780. see #20779.

comment:3 westi23 months ago

This is an excellent idea, patch looks great.

comment:4 jkudish22 months ago

  • Cc joachim.kudish@… added
Note: See TracTickets for help on using tickets.