Opened 5 years ago

Closed 5 years ago

Last modified 22 months ago

#34200 closed defect (bug) (duplicate)

Prompted to upgrade database when visiting /wp-admin/ and logged out

Reported by: morganestes
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: Database
Keywords:
Focuses: administration
Cc:

Description

When accessing /wp-admin/ while signed out on a site that was autoupdated from 4.3.0 to 4.3.1, I was prompted to update the database before continuing, even though I wasn't logged in as an administrator. Non-logged-in visits to the admin page should not prompt to take administrative actions (like upgrading a DB) without first authenticating the user as someone who has permissions to do so.

Change History (12)

#1 @ocean90
5 years ago

Related/Duplicate: #3901

#2 @SergeyBiryukov
5 years ago

  • Component changed from General to Database

#3 @pavelevap
5 years ago

Related/duplicate? #33095

#4 @atomicjack
5 years ago

Confirmed in: 4.1.1, 4.3.1 and 4.3.2.

Current result: Non-logged in users visiting /wp-admin/ are requested to upgrade the database.

Expected result: Display log-in screen.

This ticket was mentioned in Slack in #core by boone. View the logs.


5 years ago

#7 @nacin
5 years ago

To be clear: The problem here is the potential for simultaneous upgrades — see #3901 — *not* any kind of authentication issue. We've long ago made the determination that DB upgrades do not require authentication.

The existing core upgrader currently relies on this — it fires a DB upgrade automatically by sending an unauthenticated HTTP request. This means that most people actually never see this page anymore.

Cron jobs that run curl -s .../wp-admin/upgrade.php?step=upgrade_db also rely on this.

#8 @ericlewis
5 years ago

  • Keywords close added

Let's call this a duplicate of #34200 and intended behavior.

#9 @pento
5 years ago

  • Keywords close removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed
  • Version 4.3.1 deleted

Duplicate of #3901.

It's also worth noting that the risk of simultaneous upgrades causing problems is very low. Running the same ALTER TABLE at the same time, for example, will cause the ALTER to occur in whichever thread gets the table lock first. The second ALTER will return quickly, finding that it no longer has anything to do.
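
Comments #7 and #9 say that the upgrade step is started by an unauthenticated HTTP request and that overlapping runs are the actual concern; both can be checked in a web server access log. The following is an added example, not part of the ticket or of WordPress core: the log lines are constructed, and the function names, the 30-second window and the trusted-address list are assumptions to adjust per site.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in combined log format; client addresses are documentation ranges.
SAMPLE_LOG = """\
127.0.0.1 - - [01/Jan/2020:03:00:01 +0000] "GET /wp-admin/upgrade.php?step=upgrade_db HTTP/1.1" 200 512 "-" "curl/7.43.0"
203.0.113.7 - - [01/Jan/2020:03:00:03 +0000] "GET /wp-admin/upgrade.php?step=upgrade_db HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2020:09:12:44 +0000] "GET /wp-admin/upgrade.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2020:09:12:50 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*"'
)

def upgrade_hits(log_text):
    """Return sorted (timestamp, ip, path) tuples for requests that run the DB upgrade step."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path, _, query = m["path"].partition("?")
        # Only the step=upgrade_db request performs the upgrade; the bare page just shows the prompt.
        if path.endswith("/wp-admin/upgrade.php") and "step=upgrade_db" in query.split("&"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits.append((ts, m["ip"], m["path"]))
    return sorted(hits)

def overlapping(hits, window=timedelta(seconds=30)):
    """Pair consecutive upgrade runs from different clients that start within `window`."""
    return [(a, b) for a, b in zip(hits, hits[1:])
            if b[0] - a[0] <= window and a[1] != b[1]]

def external(hits, trusted=("127.0.0.1", "::1")):
    """Upgrade runs not started from a trusted address (assumed: the local cron job or updater)."""
    return [h for h in hits if h[1] not in trusted]

if __name__ == "__main__":
    hits = upgrade_hits(SAMPLE_LOG)
    for a, b in overlapping(hits):
        print(f"overlap: {a[1]} at {a[0]:%H:%M:%S} and {b[1]} at {b[0]:%H:%M:%S}")
    for ts, ip, path in external(hits):
        print(f"external trigger: {ip} {ts.isoformat()} {path}")
```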

This ticket was mentioned in Slack in #core by ocean90. View the logs.


4 years ago

This ticket was mentioned in Slack in #core by skithund. View the logs.


2 years ago

#12 @bamadesigner
22 months ago

Can we re-visit this discussion?

My concern isn't over "potential for simultaneous upgrades" or whether or not authentication is required. My concern is over the user experience.

I just went to log in to a site and got the “Database Update Required” screen. I wasn't logged in. I didn't get the login screen. Just the database update screen.

Now I'm a WordPress dev, not a "not dev experienced" site owner and even I freaked out. I thought there was a serious bug on the site. I didn't know we don't require authentication to do database upgrades.

But I'm not here to discuss/argue whether or not to require authentication for DB upgrades. But I would like to question the need for this screen because it's confusing, if not frightening.

This UX seems to go against a lot of what we try to teach users about security.

Is it possible, instead of displaying the screen, to just trigger the DB update and then redirect to the login screen?

Why do we need this screen? Why do we need a user to click the button?

Thanks!

Last edited 22 months ago by bamadesigner