[wp-trac] [WordPress Trac] #39047: Installer tries to create nonce before options table exists

WordPress Trac noreply at wordpress.org
Wed Jan 4 05:51:28 UTC 2017


#39047: Installer tries to create nonce before options table exists
-----------------------------+-----------------------
 Reporter:  nullvariable     |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  4.7.1
Component:  Upgrade/Install  |     Version:  4.7
 Severity:  normal           |  Resolution:
 Keywords:  has-patch        |     Focuses:  rest-api
-----------------------------+-----------------------

Comment (by rmccue):

 The underlying reason for the query is that `wp_salt()` attempts to save
 the salt to the DB when it's default ("put your unique phrase here"), but
 the table does not yet exist. The error doesn't occur when the salts are
 set manually/in your wp-config.php, since it doesn't need to write to the
 DB.

 Detecting this isn't super easy, as you can't know whether the salt will
 be loaded from a constant or the DB beforehand. In addition, changing that
 function is a bit tough, because it's pluggable.

 I remain convinced that [comment:7 what I said] still holds:

 > The nonce is only used for authentication checks in any case, which
 > doesn't make sense if you don't actually ''have'' any users to
 > authenticate against. If we add things in the installer in the future,
 > those will need some other way of authenticating.

 I'd say we still use `wp_installing()`.

 Replying to [comment:15 ocean90]:
 > 39047.diff will produce a PHP fatal error if SCRIPT_DEBUG is false
 > because wp_installing() isn't available in load-scripts.php.

 `load-scripts.php` isn't used during installation, as `wp_print_scripts()`
 is called directly rather than via `print_footer_scripts`. (This actually
 might ''already'' fail from calling `wp_create_nonce`, which isn't
 stubbed...; will investigate.)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39047#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
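
An added example, not part of the original message or of WordPress core: a simplified Python model of the condition described in the comment, reporting which key/salt constants in a wp-config.php are not usable as defined, so the value has to come from the database. It goes slightly beyond the comment by also flagging missing, empty and duplicated values, which `wp_salt()` likewise rejects; the function name, the regex and the sample config are constructed for illustration.

```python
import re

DEFAULT_PHRASE = "put your unique phrase here"  # default quoted in the comment
SCHEMES = ("AUTH", "SECURE_AUTH", "LOGGED_IN", "NONCE")
NAMES = [f"{s}_{kind}" for s in SCHEMES for kind in ("KEY", "SALT")]

# Matches only literal defines such as: define( 'AUTH_KEY', 'value' );
# Commented-out lines and values containing escaped quotes are not handled.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""", re.M)

# Constructed sample input, not taken from any real site.
SAMPLE_CONFIG = """<?php
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'constructed-value-1' );
define( 'LOGGED_IN_KEY',    'constructed-value-2' );
define( 'NONCE_KEY',        'constructed-value-2' );
define( 'AUTH_SALT',        '' );
// define( 'SECURE_AUTH_SALT', 'commented-out' );
define( 'LOGGED_IN_SALT',   'constructed-value-3' );
define( 'NONCE_SALT',       'constructed-value-4' );
"""

def salts_needing_db(config_text):
    """Return {constant: reason} for every key/salt that cannot be used
    from wp-config.php, meaning a DB-stored value is needed instead."""
    defined = {m.group(1): m.group(3) for m in DEFINE_RE.finditer(config_text)}
    values = [defined[n] for n in NAMES if n in defined]
    report = {}
    for name in NAMES:
        if name not in defined:
            report[name] = "missing"
        elif defined[name] == "":
            report[name] = "empty"
        elif defined[name] == DEFAULT_PHRASE:
            report[name] = "default"
        elif values.count(defined[name]) > 1:
            report[name] = "duplicated"
    return report

if __name__ == "__main__":
    for const, reason in salts_needing_db(SAMPLE_CONFIG).items():
        print(f"{const}: {reason}")
```

An empty report means every key and salt is supplied by the config file, the case in which the comment says the error does not occur.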

