[wp-trac] [WordPress Trac] #54800: Nonce creation causes DB access errors when initializing multisite networks

WordPress Trac noreply at wordpress.org
Wed Jan 12 14:46:32 UTC 2022 

#54800: Nonce creation causes DB access errors when initializing multisite networks
---------------------------+--------------------
 Reporter:  schlessera     |      Owner:  (none)
     Type:  defect (bug)   |     Status:  new
 Priority:  high           |  Milestone:  5.9
Component:  Script Loader  |    Version:  trunk
 Severity:  major          |   Keywords:
  Focuses:                 |
---------------------------+--------------------
 The default script assets to be enqueued via the script loader use nonces
 for the assets that integrate with the WP REST API.

 The nonce creation through `wp_create_nonce()` fails with a database error
 when it is called on a site that has not fully been initialized yet, as
 the table where the nonce is supposed to be stored does not yet exist.

 {{{
 WordPress database error Table 'wp_cli_test.wp_sitemeta' doesn't exist for
 query SELECT meta_value FROM
 wp_sitemeta WHERE meta_key = 'nonce_key' AND site_id = 1 made by
 include('phar:///home/alain/bin/wp/php/boot-phar.php'),
 include('phar:///home/alain/bin/wp/vendor/wp-cli/wp-cli/php/wp-cli.php'),
 WP_CLI\bootstrap, WP_CLI\Bootstrap\LaunchRunner->process,
 WP_CLI\Runner->start, WP_CLI\Runner->load_wordpress,
 require('wp-settings.php'), do_action('init'), WP_Hook->do_action,
 WP_Hook->apply_filters,
 register_block_core_file, register_block_type_from_metadata,
 register_block_script_handle, wp_register_script,
 wp_scripts, WP_Scripts->__construct, WP_Scripts->init,
 do_action_ref_array('wp_default_scripts'),
 WP_Hook->do_action, WP_Hook->apply_filters, wp_default_scripts,
 wp_create_nonce, wp_hash, wp_salt,
 get_site_option, get_network_option
 }}}

 There is already some safeguarding in place around these nonces, but it is
 not enough, as it specifically excludes the case of a multisite setup.

 The `! is_multisite()` condition should be removed from these safeguards
 to ensure the error does never surface.

 This is a follow-up ticket to #54634.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/54800>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list