Opened 10 years ago
Closed 10 years ago
#29694 closed defect (bug) (fixed)
wp_not_installed() has an unbounded check for "install.php"
Reported by: | nacin | Owned by: | joemcgill |
---|---|---|---|
Milestone: | 4.1 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Bootstrap/Load | Keywords: | good-first-bug has-patch |
Focuses: | Cc: |
Description
This is a good-first-bug.
Steps to reproduce: Don't install WordPress. (Easy way to 'uninstall': change the table prefix.) Go to wp-admin/plugin-install.php. You'll be redirected to /wp-admin/upgrade.php
. Specifically, it'll be at the root, so if you have WP installed not at the root of your domain, it'll probably fail. Also, it'll fail because WP isn't installed.
The issue is wp_not_installed() does false === strpos( $_SERVER['PHP_SELF'], 'install.php' )
which would fail for wp-admin/plugin-install.php or theme-install.php.
To fix this check we probably need to be a bit smarter. (Don't forget that PHP_SELF isn't necessarily normalized and slashes could be in different directions.) However, since we already are checking WP_INSTALLING, we can possibly excise this PHP_SELF conditional entirely.
The solution here should be paired with a quick study of the history of this code (note: it pre-dates 3.0, even though wp_not_installed() is new in 3.0, and sat probably in wp-settings.php before then) to determine why this check is there to begin with, seeing that it appears to be redundant with WP_INSTALLING. If it predates WP_INSTALLING, and the constant check was added for other reasons, that would explain it. Please cross-reference any relevant tickets and changesets you find.
Attachments (1)
Change History (7)
#3
in reply to:
↑ 2
;
follow-up:
↓ 4
@
10 years ago
Replying to DrewAPicture: Total trac newb question (this is my second patch, ever): anything I need to do to carry this through since I've been assigned ownership? If so, I'm happy to do so, just not sure. Thanks.
#4
in reply to:
↑ 3
;
follow-up:
↓ 5
@
10 years ago
Replying to joemcgill:
Replying to DrewAPicture: Total trac newb question (this is my second patch, ever): anything I need to do to carry this through since I've been assigned ownership? If so, I'm happy to do so, just not sure. Thanks.
Just keep on what you've been doing :) The ownership thing is just for the benefit of the good-first-bug list so that it shows as "claimed".
#5
in reply to:
↑ 4
@
10 years ago
Replying to DrewAPicture:
Replying to joemcgill:
Replying to DrewAPicture: Total trac newb question (this is my second patch, ever): anything I need to do to carry this through since I've been assigned ownership? If so, I'm happy to do so, just not sure. Thanks.
Just keep on what you've been doing :) The ownership thing is just for the benefit of the good-first-bug list so that it shows as "claimed".
Thanks. Just didn't want to drop any balls unknowingly.
tl;dr - I think it's safe to kill the check for install.php.
A brief history lesson: