[wp-trac] [WordPress Trac] #42431: wpdb prepare - {} replaced with % if AUTH_SALT is defined as null or empty string
WordPress Trac
noreply at wordpress.org
Fri Nov 3 13:27:09 UTC 2017
#42431: wpdb prepare - {} replaced with % if AUTH_SALT is defined as null or empty
string
----------------------------+-----------------------------
Reporter: jsonfry | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Database | Version: 4.8.3
Severity: normal | Keywords:
Focuses: administration |
----------------------------+-----------------------------
In includes/wp-db.php line 1967, the `defined` function is used which
checks if the constant has been set, but not if it's actually got a
(usable) value in it. It could also also check for null / or empty string.
This manifested for us when adding / removing a user role. In our roles we
have a user that has no capabilities, and when we added a new role after
updating to 4.8.3 the php serialzed array that gets saved to wp_user_roles
in the wp_options table has a % instead of a {}, which was pretty fatal
when attempting to deserialize it - our site then appeared to have no
roles.
(We should have had AUTH_SALT set, but we didn't. We use Bedrock so it was
expecting AUTH_SALT as an env var, and setting is regardless.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42431>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list