[wp-trac] [WordPress Trac] #29518: Fatal error in WP_Session_Tokens::hash_token()
WordPress Trac
noreply at wordpress.org
Wed Sep 17 17:52:54 UTC 2014
#29518: Fatal error in WP_Session_Tokens::hash_token()
------------------------------+--------------------
Reporter: SergeyBiryukov | Owner:
Type: defect (bug) | Status: new
Priority: low | Milestone: 4.0.1
Component: Security | Version: 4.0
Severity: major | Resolution:
Keywords: has-patch commit | Focuses:
------------------------------+--------------------
Changes (by nacin):
* keywords: has-patch => has-patch commit
* priority: normal => low
* component: General => Security
* severity: normal => major
Comment:
Replying to [comment:8 jorhett]:
> I would highly recommend that you push out an immediate fix to sample
for whether hash works by running a quick test before doing the upgrade
that you are very demandy about in the wordpress dashboard. Right now
that's a button to kill your site, and for hosted blogs where the provider
isn't quick to update packages they will be dead in the water.
>
> easier than a complete fix -- just add a test for hash, and report back
to the user instead of upgrading.
We'll definitely ship this in 4.0.1, expecting in the next 5 days I'd say.
This affects very, very few sites. And honestly, a site breaking over this
means they'll be forced to contact their host to get this resolved, which
isn't the end of the world, because they're essentially dealing with a
borked PHP install — and because their content is ultimately OK, and even
the frontend of their site is ultimately OK, as would an auto update.
Going to go ahead and get this committed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29518#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list