Harden the maintenance mode bypass while scraping.

WordPress · Feb 17, 2024 · 56a2298 · 56a2298
1 parent ad8f28c
commit 56a2298
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/wp-includes/load.php b/src/wp-includes/load.php
@@ -411,7 +411,12 @@ function wp_is_maintenance_mode() {
 
 	// Do not enable maintenance mode while scraping for fatal errors.
 	if ( isset( $_REQUEST['wp_scrape_key'], $_REQUEST['wp_scrape_nonce'] ) ) {
-		return false;
+		$key   = substr( sanitize_key( wp_unslash( $_REQUEST['wp_scrape_key'] ) ), 0, 32 );
+		$nonce = wp_unslash( $_REQUEST['wp_scrape_nonce'] );
+
+		if ( get_transient( 'scrape_key_' . $key ) === $nonce ) {
+			return false;
+		}
 	}
 
 	if ( ! file_exists( ABSPATH . '.maintenance' ) || wp_installing() ) {