[wp-trac] [WordPress Trac] #20780: Remove nonces in maint/repair.php

WordPress Trac wp-trac at lists.automattic.com
Tue May 29 18:10:45 UTC 2012


#20780: Remove nonces in maint/repair.php
----------------------------+-----------------
 Reporter:  nacin           |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  3.4
Component:  Administration  |    Version:
 Severity:  major           |   Keywords:
----------------------------+-----------------
 Since salts (and now keys) fall back to the database, a user with an
 options table down for the count often won't be able to repair the
 database. That's because maint/repair.php has nonce checks.

 I chatted with ryan about this, and he confirmed that there definitely
 should not be nonces here.

 A friend of mine just ran into this. Luckily I knew exactly why he was
 seeing "Please try again" over and over again, but most users do not have
 core developers as neighbors.

 See also #20779, where we can encourage extra security on maint/repair.php
 by seeing if they actually have a complete set of keys in place.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/20780>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
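
A simplified model of the failure the ticket describes, added here as an illustration and not WordPress core code: when the salt comes from the options table and that table is unusable, the nonce issued with the form cannot be verified on the next request. All class and function names are hypothetical, and the model assumes a salt that cannot be read is regenerated on each request.

```php
<?php
// Simplified model, not WordPress core code. All names are hypothetical.

// Constructed stand-in for the options table. $healthy = false models a
// crashed table: reads return nothing and writes are lost.
class OptionsTable {
    private $rows = array();
    private $healthy;
    public function __construct($healthy) { $this->healthy = $healthy; }
    public function get($name) {
        return ($this->healthy && isset($this->rows[$name])) ? $this->rows[$name] : false;
    }
    public function set($name, $value) {
        if ($this->healthy) { $this->rows[$name] = $value; }
    }
}

// Salt lookup with database fallback: prefer the config value, then the
// stored value, otherwise generate a new one and try to store it.
function model_salt($config_salt, OptionsTable $db) {
    if ($config_salt !== null) { return $config_salt; }
    $salt = $db->get('nonce_salt');
    if (!$salt) {
        $salt = bin2hex(random_bytes(32)); // assumption: regenerated when unreadable
        $db->set('nonce_salt', $salt);
    }
    return $salt;
}

function model_create_nonce($action, $salt) {
    return substr(hash_hmac('sha256', $action, $salt), 0, 10);
}

function model_verify_nonce($nonce, $action, $salt) {
    return hash_equals(model_create_nonce($action, $salt), $nonce);
}

// Request 1 renders the form with a nonce; request 2 looks the salt up
// again and checks the submitted nonce against it.
function round_trip($config_salt, OptionsTable $db) {
    $nonce = model_create_nonce('repair', model_salt($config_salt, $db));
    return model_verify_nonce($nonce, 'repair', model_salt($config_salt, $db));
}

var_dump(round_trip(null, new OptionsTable(true)));   // salt stored in a healthy table
var_dump(round_trip(null, new OptionsTable(false)));  // salt falls back to a broken table
var_dump(round_trip('constructed-config-salt', new OptionsTable(false))); // salt set in config
```

Only the middle case fails verification, which corresponds to the repeated "Please try again" message; a salt defined in configuration never touches the table.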

