[wp-trac] [WordPress Trac] #29694: wp_not_installed() has an unbounded check for "install.php"
WordPress Trac
noreply at wordpress.org
Wed Sep 17 19:19:21 UTC 2014
#29694: wp_not_installed() has an unbounded check for "install.php"
----------------------------+----------------------------
Reporter: nacin | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.1
Component: Bootstrap/Load | Version:
Severity: normal | Keywords: good-first-bug
Focuses: |
----------------------------+----------------------------
This is a good-first-bug.

Steps to reproduce: Don't install WordPress. (Easy way to 'uninstall':
change the table prefix.) Go to wp-admin/plugin-install.php. You'll be
redirected to `/wp-admin/upgrade.php`. Specifically, it'll be at the root,
so if you have WP installed not at the root of your domain, it'll probably
fail. Also, it'll fail because WP isn't installed.

The issue is wp_not_installed() does
`false === strpos( $_SERVER['PHP_SELF'], 'install.php' )` which would fail
for wp-admin/plugin-install.php or theme-install.php.

To fix this check we probably need to be a bit smarter. (Don't forget that
PHP_SELF isn't necessarily normalized and slashes could be in different
directions.) However, since we already are checking WP_INSTALLING, we can
possibly excise this PHP_SELF conditional entirely.

The solution here should be paired with a quick study of the history of
this code (note: it pre-dates 3.0, even though wp_not_installed() is new
in 3.0, and sat probably in wp-settings.php before then) to determine why
this check is there to begin with, seeing that it appears to be redundant
with WP_INSTALLING. If it predates WP_INSTALLING, and the constant check
was added for other reasons, that would explain it. Please cross-reference
any relevant tickets and changesets you find.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29694>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
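
The false match described in the ticket, as an added example (not WordPress core code and not from the ticket's author): the quoted `strpos()` test next to a bounded comparison that normalizes slash direction first. The function names and the sample paths are constructed for illustration, and the bounded variant assumes the installer lives at wp-admin/install.php and that no directory in the path has a name containing ".php".

```php
<?php
// Added illustration; hypothetical helper names, not WordPress functions.

// The test as quoted in the ticket: true for ANY path containing "install.php",
// so plugin-install.php and theme-install.php also count as "the installer".
function is_install_request_unbounded( $php_self ) {
	return false !== strpos( $php_self, 'install.php' );
}

// Bounded variant: compare the whole script path, not a substring of it.
function is_install_request_bounded( $php_self ) {
	// PHP_SELF is not normalized: unify slash direction, collapse repeats.
	$path = str_replace( '\\', '/', $php_self );
	$path = preg_replace( '#/+#', '/', $path );

	// PHP_SELF can carry trailing path info after the script name
	// (/wp-admin/install.php/extra), so keep only the part up to ".php".
	$end = strpos( $path, '.php' );
	if ( false === $end ) {
		return false;
	}
	$script = '/' . ltrim( substr( $path, 0, $end + 4 ), '/' );

	// The script must be exactly <anything>/wp-admin/install.php.
	$suffix = '/wp-admin/install.php';
	return substr( $script, -strlen( $suffix ) ) === $suffix;
}

// Constructed sample values for $_SERVER['PHP_SELF'].
$samples = array(
	'/wp-admin/install.php',
	'/blog/wp-admin/install.php',
	'\\blog\\wp-admin\\install.php',
	'/wp-admin/plugin-install.php',
	'/wp-admin/theme-install.php',
	'/wp-admin/index.php',
);

foreach ( $samples as $php_self ) {
	printf(
		'%-32s unbounded=%-5s bounded=%s' . PHP_EOL,
		$php_self,
		var_export( is_install_request_unbounded( $php_self ), true ),
		var_export( is_install_request_bounded( $php_self ), true )
	);
}
```

The two functions disagree only on plugin-install.php and theme-install.php, which are the requests the ticket reports being misrouted.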