[wp-trac] [WordPress Trac] #29518: Fatal error in WP_Session_Tokens::hash_token()

WordPress Trac noreply at wordpress.org
Wed Sep 17 17:52:54 UTC 2014


#29518: Fatal error in WP_Session_Tokens::hash_token()
------------------------------+--------------------
 Reporter:  SergeyBiryukov    |       Owner:
     Type:  defect (bug)      |      Status:  new
 Priority:  low               |   Milestone:  4.0.1
Component:  Security          |     Version:  4.0
 Severity:  major             |  Resolution:
 Keywords:  has-patch commit  |     Focuses:
------------------------------+--------------------
Changes (by nacin):

 * keywords:  has-patch => has-patch commit
 * priority:  normal => low
 * component:  General => Security
 * severity:  normal => major


Comment:

 Replying to [comment:8 jorhett]:
 > I would highly recommend that you push out an immediate fix to sample
 for whether hash works by running a quick test before doing the upgrade
 that you are very demandy about in the wordpress dashboard. Right now
 that's a button to kill your site, and for hosted blogs where the provider
 isn't quick to update packages they will be dead in the water.
 >
 > easier than a complete fix -- just add a test for hash, and report back
 to the user instead of upgrading.

 We'll definitely ship this in 4.0.1, expecting in the next 5 days I'd say.
 This affects very, very few sites. And honestly, a site breaking over this
 means they'll be forced to contact their host to get this resolved, which
 isn't the end of the world, because they're essentially dealing with a
 borked PHP install — and because their content is ultimately OK, and even
 the frontend of their site is ultimately OK, as would an auto update.

 Going to go ahead and get this committed.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/29518#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list