Do not perform nonce checks in maint/repair.php.

If the options table is damaged and the keys/salts fall back to the database,
the nonce will never validate.

fixes #20780. see #20779.



git-svn-id: http://core.svn.wordpress.org/trunk@20953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
1 parent e506b3e commit f96b41dd3f1438067be5fc006fa7e9085a354a7d nacin committed May 30, 2012
Showing with 2 additions and 4 deletions.
  1. +2 −4 wp-admin/maint/repair.php
6 wp-admin/maint/repair.php
@@ -26,8 +26,6 @@
if ( ! defined( 'WP_ALLOW_REPAIR' ) ) {
echo '<p>' . __( 'To allow use of this page to automatically repair database problems, please add the following line to your <code>wp-config.php</code> file. Once this line is added to your config, reload this page.' ) . "</p><code>define('WP_ALLOW_REPAIR', true);</code>";
} elseif ( isset( $_GET['repair'] ) ) {
- check_admin_referer( 'repair_db' );
-
$optimize = 2 == $_GET['repair'];
$okay = true;
$problems = array();
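Review bot: With `check_admin_referer( 'repair_db' )` removed, the `isset( $_GET['repair'] )` branch performs a state-changing repair on any GET request, and the only gate left in these lines is the `WP_ALLOW_REPAIR` constant. The reason (a nonce cannot validate when the options table is damaged) is recorded only in the commit message; add a code comment at this branch stating that the nonce check is omitted on purpose, so a later cleanup neither restores it nor assumes the page has request-forgery protection. Since the define is now the sole control, also confirm the page tells the administrator to remove `define('WP_ALLOW_REPAIR', true);` from `wp-config.php` once repairs are finished; the message in this hunk only says to add it.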
@@ -104,9 +102,9 @@
else
echo '<p>' . __( 'WordPress can automatically look for some common database problems and repair them. Repairing can take a while, so please be patient.' ) . '</p>';
?>
- <p class="step"><a class="button" href="<?php echo wp_nonce_url( 'repair.php?repair=1', 'repair_db' ); ?>"><?php _e( 'Repair Database' ); ?></a></p>
+ <p class="step"><a class="button" href="repair.php?repair=1"><?php _e( 'Repair Database' ); ?></a></p>
<p><?php _e( 'WordPress can also attempt to optimize the database. This improves performance in some situations. Repairing and optimizing the database can take a long time and the database will be locked while optimizing.' ); ?></p>
- <p class="step"><a class="button" href="<?php echo wp_nonce_url( 'repair.php?repair=2', 'repair_db' ); ?>"><?php _e( 'Repair and Optimize Database' ); ?></a></p>
+ <p class="step"><a class="button" href="repair.php?repair=2"><?php _e( 'Repair and Optimize Database' ); ?></a></p>
<?php
}
?>
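Review bot: The two buttons are now bare links, `repair.php?repair=1` and `repair.php?repair=2`, so repair and optimize can be started by any plain GET, including one issued by a link prefetcher, a crawler or a cross-site request, and the adjacent text says the database is locked while optimizing. Because a nonce is not usable here, consider submitting both actions as POST forms and checking the request method in the handler instead of `isset( $_GET['repair'] )`. That keeps the page working with a damaged options table while avoiding an unintended run from a followed link.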
