[wp-trac] [WordPress Trac] #20780: Remove nonces in maint/repair.php
WordPress Trac
wp-trac at lists.automattic.com
Tue May 29 18:10:45 UTC 2012
#20780: Remove nonces in maint/repair.php
----------------------------+-----------------
Reporter: nacin | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.4
Component: Administration | Version:
Severity: major | Keywords:
----------------------------+-----------------
Since salts (and now keys) fall back to the database, a user with an
options table down for the count often won't be able to repair the
database. That's because maint/repair.php has nonce checks.

I chatted with ryan about this, and he confirmed that there definitely
should not be nonces here.

A friend of mine just ran into this. Luckily I knew exactly why he was
seeing "Please try again" over and over again, but most users do not have
core developers as neighbors.

See also #20779, where we can encourage extra security on maint/repair.php
by seeing if they actually have a complete set of keys in place.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20780>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software