[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks
WordPress Trac
noreply at wordpress.org
Thu Apr 18 02:40:15 UTC 2019
#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------
Reporter: paragoninitiativeenterprises | Owner: pento
Type: task (blessed) | Status: assigned
Priority: normal | Milestone: 5.2
Component: Upgrade/Install | Version: 4.8
Severity: critical | Resolution:
Keywords: has-patch | Focuses:
------------------------------------------+-----------------------
Comment (by dd32):
Replying to [comment:78 dd32]:
> I'd suggest we simply reduce the test to this to completely disable the
functionality on potentially affected installs (and in the future, disable
verification checking requirements on an affected install)
> {{{
> if (
> ! extension_loaded('sodium') &&
> in_array( PHP_VERSION_ID, [70200, 70201, 70202] )
> ) {
> }}}
[attachment:"39309-phpbug.2.diff"] implements this, but it also checks for
the existence of `opcache_get_status()` which can also be used to
determine if the opcache is enabled or not.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:79>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list