Support » Installing WordPress » Bad wp-config-sample.php file included with WP3.4 downlaod

  • I certainly hope the the WP folks will review the wp-config-sample.php (used to make wp-config.php and then throws the headers already sent issue) file which includes hidden code before <?php and does not contain a closing ?>. Spent too much time working on this today for a new site and find this shocking. I have verified this issue with many others who I asked to do the download today just prior to the release of 3.4.1 (which we assume will fix the issue) and ask WP to do a better job of protecting their servers, users, and the public.

Viewing 13 replies - 1 through 13 (of 13 total)
  • Thread Starter Pioneer Web Design

    (@swansonphotos)

    Bad wp-config-sample.php file included with WP3.4 download

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Umm.. Nope. Just downloaded, file looks fine to me.

    What are you seeing? Specifics would help.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    does not contain a closing ?>

    That is intentional and desired. But code before the beginning <?php is not in the download. Not that I can see.

    Thread Starter Pioneer Web Design

    (@swansonphotos)

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Okay, you’re going to have to explain the problem you’re having in detail… Just posting me a link to the codex page about a common problem that can be caused any number of issues isn’t helpful.

    There’s nothing wrong in the WordPress download file that I can find. Details. We need details. What is the specific issue?

    Thread Starter Pioneer Web Design

    (@swansonphotos)

    Not that I can see.

    Correct!

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Correct!

    And? What is the specific issue?

    Thread Starter Pioneer Web Design

    (@swansonphotos)

    1. I downloaded WP3.4 today.
    2. I uploaded to host for new site.
    3. Being quite aware of how to set up a WP site, I did.
    4. After loading the site, I received the (well discussed here) error ‘headers already sent’
    5. I reviewed the wp-config.php and:

    Not that I can see.

    I also did not SEE an issue with the file.

    6. I asked others to also download WP3.4 today.
    7. They as I do, verify, and do swear, under Oath, the file contianed hidden code prior to php and no closing tag.

    Please provide a solution, I am reporting, not being confrontational.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    I’m not arguing, but I’ve reviewed the files on the server and there’s nothing there.

    What was before the <?php?

    Note that the lack of an ending ?> is normal and not an issue. That’s intentional. Heck, I argued for years to get that in there.

    Also, if you’re upgrading a site, then that’s different. The wp-config is not overwritten in an upgrade. But if you’re creating a new site, that’s something else.

    If you don’t tell me what you’re actually seeing, and I can’t see it, then there’s not a whole hell of a lot I can do.

    You say this:

    I also did not SEE an issue with the file.

    Then there likely was no issue and your headers issue came from somewhere else. Anything can create output early. Plugins, themes, etc. I need *specifics*.

    Thread Starter Pioneer Web Design

    (@swansonphotos)

    Three lines of code revealed by using a php editor not commonly used here above <?php that started with <head>…

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Okay. And? What were these lines of code?

    Thread Starter Pioneer Web Design

    (@swansonphotos)

    As I still have the files, let me re-create. As my host watches.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Okay, when you have something more to report, feel free to email it to me directly if you think there is a real security issue. My email is otto@wordpress.org.

    There’s no issue with the download that I can find. If you got hacked, then that’s a security problem, I grant you, but after extensive checking, it did not come through us.

    But by all means, email me with security issues. Happy to investigate. We just need extensive information, if at all possible.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Bad wp-config-sample.php file included with WP3.4 downlaod’ is closed to new replies.