WordPress.org

Ready to get started?Download WordPress

Forums

[closed] Bad wp-config-sample.php file included with WP3.4 downlaod (14 posts)

  1. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

    I certainly hope the the WP folks will review the wp-config-sample.php (used to make wp-config.php and then throws the headers already sent issue) file which includes hidden code before <?php and does not contain a closing ?>. Spent too much time working on this today for a new site and find this shocking. I have verified this issue with many others who I asked to do the download today just prior to the release of 3.4.1 (which we assume will fix the issue) and ask WP to do a better job of protecting their servers, users, and the public.

  2. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

    Bad wp-config-sample.php file included with WP3.4 download

  3. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    Umm.. Nope. Just downloaded, file looks fine to me.

    What are you seeing? Specifics would help.

  4. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    does not contain a closing ?>

    That is intentional and desired. But code before the beginning <?php is not in the download. Not that I can see.

  5. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

  6. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    Okay, you're going to have to explain the problem you're having in detail... Just posting me a link to the codex page about a common problem that can be caused any number of issues isn't helpful.

    There's nothing wrong in the WordPress download file that I can find. Details. We need details. What is the specific issue?

  7. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

    Not that I can see.

    Correct!

  8. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    Correct!

    And? What is the specific issue?

  9. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

    1. I downloaded WP3.4 today.
    2. I uploaded to host for new site.
    3. Being quite aware of how to set up a WP site, I did.
    4. After loading the site, I received the (well discussed here) error 'headers already sent'
    5. I reviewed the wp-config.php and:

    Not that I can see.

    I also did not SEE an issue with the file.

    6. I asked others to also download WP3.4 today.
    7. They as I do, verify, and do swear, under Oath, the file contianed hidden code prior to php and no closing tag.

    Please provide a solution, I am reporting, not being confrontational.

  10. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    I'm not arguing, but I've reviewed the files on the server and there's nothing there.

    What was before the <?php?

    Note that the lack of an ending ?> is normal and not an issue. That's intentional. Heck, I argued for years to get that in there.

    Also, if you're upgrading a site, then that's different. The wp-config is not overwritten in an upgrade. But if you're creating a new site, that's something else.

    If you don't tell me what you're actually seeing, and I can't see it, then there's not a whole hell of a lot I can do.

    You say this:

    I also did not SEE an issue with the file.

    Then there likely was no issue and your headers issue came from somewhere else. Anything can create output early. Plugins, themes, etc. I need *specifics*.

  11. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

    Three lines of code revealed by using a php editor not commonly used here above <?php that started with <head>...

  12. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    Okay. And? What were these lines of code?

  13. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

    As I still have the files, let me re-create. As my host watches.

  14. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    Okay, when you have something more to report, feel free to email it to me directly if you think there is a real security issue. My email is otto@wordpress.org.

    There's no issue with the download that I can find. If you got hacked, then that's a security problem, I grant you, but after extensive checking, it did not come through us.

    But by all means, email me with security issues. Happy to investigate. We just need extensive information, if at all possible.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.