[wp-trac] [WordPress Trac] #52484: The wp_update_https_detection_errors function may fail to update option values.
WordPress Trac
noreply at wordpress.org
Mon Mar 1 20:13:44 UTC 2021
#52484: The wp_update_https_detection_errors function may fail to update option
values.
--------------------------+---------------------
Reporter: tmatsuur | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.7.1
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+---------------------
Comment (by flixos90):
@SergeyBiryukov I agree there is some extra complexity here, but I think
we should at least add a partial fix to the problem before releasing 5.7
since showing the direct HTTPS update CTA when it's not actually supported
would be detrimental; users would falsely be assured that they can safely
switch.
I suggest we come up with a simpler solution and prioritize this again for
the 5.7 release, as IMO due to the above concern it's critical enough.
* Either go with the simpler solution outlined in the ticket description
of using `sanitize_text_field()` on the error messages.
* Or check if the `update_option` call failed, and re-attempt with a
static message like "HTTP request failed.".
* Or, since we don't use the real message anyway, simply always use "HTTP
request failed." instead of the exception message.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52484#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list