[wp-trac] [WordPress Trac] #46130: Only pause extensions for users with recovery access

[WordPress Trac]

#46130: Only pause extensions for users with recovery access
----------------------------------+--------------------------------
 Reporter:  flixos90              |       Owner:  TimothyBlynJacobs
     Type:  defect (bug)          |      Status:  closed
 Priority:  high                  |   Milestone:  5.2
Component:  Bootstrap/Load        |     Version:  5.1
 Severity:  normal                |  Resolution:  fixed
 Keywords:  servehappy has-patch  |     Focuses:
----------------------------------+--------------------------------

Comment (by flixos90):

 In [changeset:"45211" 45211]:
 {{{
 #!CommitTicketReference repository="" revision="45211"
 Bootstrap/Load: Allow more than one recovery link to be valid at a time.

 While currently a recovery link is only made available via the admin email
 address, this will be expanded in the future. In order to accomplish that,
 the mechanisms to store and validate recovery keys must support multiple
 keys to be valid at the same time.

 This changeset adds that support, adding an additional token parameter
 which is part of a recovery link in addition to the key. A key itself is
 always associated with a token, so the two are only valid in combination.
 These associations are stored in a new `recovery_keys` option, which is
 regularly cleared in a new Cron hook, to prevent potential cluttering from
 unused recovery keys.

 This changeset does not have any user-facing implications otherwise.

 Props pbearne, timothyblynjacobs.
 Fixes #46595. See #46130.
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46130#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform