[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks

WordPress Trac noreply at wordpress.org
Thu Apr 18 02:40:15 UTC 2019


#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------
 Reporter:  paragoninitiativeenterprises  |       Owner:  pento
     Type:  task (blessed)                |      Status:  assigned
 Priority:  normal                        |   Milestone:  5.2
Component:  Upgrade/Install               |     Version:  4.8
 Severity:  critical                      |  Resolution:
 Keywords:  has-patch                     |     Focuses:
------------------------------------------+-----------------------

Comment (by dd32):

 Replying to [comment:78 dd32]:
 > I'd suggest we simply reduce the test to this to completely disable the
 functionality on potentially affected installs (and in the future, disable
 verification checking requirements on an affected install)
 > {{{
 > if (
 >    ! extension_loaded('sodium') &&
 >    in_array( PHP_VERSION_ID, [70200, 70201, 70202] )
 > ) {
 > }}}

 [attachment:"39309-phpbug.2.diff"] implements this, but it also checks for
 the existence of `opcache_get_status()` which can also be used to
 determine if the opcache is enabled or not.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:79>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list