diff -r 48c4eec2b7e6 -r 8c2e4d02f4ef wp/wp-includes/class-wpdb.php --- a/wp/wp-includes/class-wpdb.php Fri Sep 05 18:40:08 2025 +0200 +++ b/wp/wp-includes/class-wpdb.php Fri Sep 05 18:52:52 2025 +0200 @@ -749,7 +749,13 @@ * @param string $dbname Database name. * @param string $dbhost Database host. */ - public function __construct( $dbuser, $dbpassword, $dbname, $dbhost ) { + public function __construct( + $dbuser, + #[\SensitiveParameter] + $dbpassword, + $dbname, + $dbhost + ) { if ( WP_DEBUG && WP_DEBUG_DISPLAY ) { $this->show_errors(); } @@ -2114,7 +2120,8 @@ * @return bool|void True if the connection is up. */ public function check_connection( $allow_bail = true ) { - if ( ! empty( $this->dbh ) && mysqli_ping( $this->dbh ) ) { + // Check if the connection is alive. + if ( ! empty( $this->dbh ) && mysqli_query( $this->dbh, 'DO 1' ) !== false ) { return true; } @@ -2405,12 +2412,10 @@ static $placeholder; if ( ! $placeholder ) { - // If ext/hash is not present, compat.php's hash_hmac() does not support sha256. - $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1'; // Old WP installs may not have AUTH_SALT defined. $salt = defined( 'AUTH_SALT' ) && AUTH_SALT ? AUTH_SALT : (string) rand(); - $placeholder = '{' . hash_hmac( $algo, uniqid( $salt, true ), $salt ) . '}'; + $placeholder = '{' . hash_hmac( 'sha256', uniqid( $salt, true ), $salt ) . '}'; } /* @@ -3982,12 +3987,13 @@ * * @since 2.5.0 * - * @global string $wp_version The WordPress version string. * @global string $required_mysql_version The required MySQL version string. * @return void|WP_Error */ public function check_database_version() { - global $wp_version, $required_mysql_version; + global $required_mysql_version; + $wp_version = wp_get_wp_version(); + // Make sure the server has the required MySQL version. if ( version_compare( $this->db_version(), $required_mysql_version, '<' ) ) { /* translators: 1: WordPress version number, 2: Minimum required MySQL version number. */