disqus / disqus-wordpress-plugin

WordPress plugin for Disqus (Latest version)
https://disqus.com/

Function `random_bytes()` not available on some servers, throws error #28

Closed ryanvalentin closed 6 years ago

ryanvalentin commented 6 years ago

When we create a sync token, `random_bytes` is called: https://github.com/disqus/disqus-wordpress-plugin/blob/7d5531e4f3e1746b2291f8e2664430433e8dbf17/disqus/admin/class-disqus-admin.php#L300

This is technically only available in PHP 7, but WordPress includes a polyfill for older versions: https://github.com/WordPress/WordPress/blob/master/wp-includes/random_compat/random.php

In some cases, no random options are available and the plugin can throw an unhandled exception: `Fatal error: Uncaught exception 'Exception' with message 'There is no suitable CSPRNG installed on your system'`

We should try catching this exception, and try generating a sync token another way, if we can.

ryanvalentin commented 6 years ago

One proposed solution: If we see the token is null, ask the user to create a secret key, which will be saved as a WordPress option.
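
The handling discussed in the two comments above, as an added PHP example that is not from the issue thread or the plugin's code. The function names, the 16-byte token size and the 32-character minimum for a manually entered secret are assumptions.

```php
<?php
// Added example; all function names here are hypothetical.

/**
 * Try to create a sync token from the CSPRNG.
 * Returns a hex string, or null when no CSPRNG is available.
 */
function example_generate_sync_token() {
    try {
        // random_bytes() is native in PHP 7+; on older PHP it comes from
        // the random_compat polyfill that WordPress bundles.
        return bin2hex( random_bytes( 16 ) );
    } catch ( Exception $e ) {
        // "There is no suitable CSPRNG installed on your system".
        // Return null instead of falling back to mt_rand() or uniqid(),
        // whose output is predictable and unsuitable for a secret.
        return null;
    }
}

/**
 * Check an administrator-supplied secret before using it as the token.
 * Returns the trimmed secret, or null when it is too short.
 */
function example_validate_manual_secret( $input, $min_length = 32 ) {
    $secret = trim( (string) $input );
    return strlen( $secret ) >= $min_length ? $secret : null;
}

/**
 * Keep a stored token, else generate one, else use the manual secret.
 * A null result means the admin page should ask the user for a secret key.
 */
function example_resolve_sync_token( $stored, $manual_input = '' ) {
    if ( is_string( $stored ) && '' !== $stored ) {
        return $stored;
    }
    $token = example_generate_sync_token();
    if ( null !== $token ) {
        return $token;
    }
    return example_validate_manual_secret( $manual_input );
}

// Constructed inputs: no stored token, then a manual secret that is too short.
var_dump( example_resolve_sync_token( '' ) );
var_dump( example_validate_manual_secret( 'short' ) );
```

In a WordPress plugin the resolved value would be read and written with `get_option()` and `update_option()`, and a null result would drive an admin notice asking for the secret key.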