Coming 2.0.2 fixes, logs, requests

Post a reply


This question is a means of preventing automated form submissions by spambots.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:
BBCode is ON
[img] is ON
[url] is ON
Smilies are ON
Topic review
   

If you wish to attach one or more files enter the details below.

Maximum filesize per attachment: 1 MiB.

Expand view Topic review: Coming 2.0.2 fixes, logs, requests

Re: Coming 2.0.2 fixes, logs, requests

by axew3 » Sun Dec 29, 2019 9:39 pm

If using the custom phpBB config.php file before 2.0.2

To fix the (secondary) phpBB custom config.php security issue, open file

/wp-content/plugins/wp-w3all-config/config.php

and change the very first line:

Code: Select all

<?php
into

Code: Select all

<?php defined( 'ABSPATH' ) or die( 'forbidden' );

Re: Coming 2.0.2 fixes, logs, requests

by axew3 » Sun Dec 29, 2019 1:29 am

Since many bugs resolved, and after long time, network installations fixes
version 2.0.2 will be released as soon within few hours (if no evil come out)

Code: Select all

== Changelog ==

= 2.0.2 =
*Release Date - 29 Dic, 2019*
* Fix: mums network installations
* Fix: nicenames for network and common wp installations 
* Fix: '/wp-content/plugins/wp-w3all-phpbb-integration/views/wp_w3all_login_form.php' to be suitable into any kind of wp installation
* Fix: (secondary) security fix for the custom phpBB config.php file '/wp-content/plugins/wp-w3all-phpbb-integration/addons/wp-w3all-config/config.php'. Please follow this step if you want to fix the issue: https://www.axew3.com/w3/forums/viewtopic.php?f=2&t=1448&p=4241#p4241
* Fix: correct profile fields (email) updates flow
* Minor fixes

Re: Coming 2.0.2 fixes, logs, requests

by axew3 » Sat Dec 28, 2019 10:47 am

beside the fact it can be easily worked around, how this happen i really do not know at moment .. will try to ask somewhere
i already found this in the past, and i see that situation not changed.
sanitize_user and wp_insert_user seem to mess up in certain situations.
Then an improved fix to this has been added.
2.0.2 is coming very soon to fix and resolve several important issues.

Re: Coming 2.0.2 fixes, logs, requests

by axew3 » Fri Dec 27, 2019 11:41 pm

Looking into all about fixing mums network installations, i see that

Code: Select all

sanitize_user( $username, $strict = false );
transform something like
Btester
into
btester

beside the fact it can be easily worked around, how this happen i really do not know at moment .. will try to ask somewhere

Coming 2.0.2 fixes, logs, requests

by axew3 » Fri Dec 27, 2019 8:40 pm

on next wp_w3all 2.0.2 will be checked fixed all about WP MUMS, wordpress network installations.
Just testing the code, there is already a deprecated filter in use to switch to:
wpmu_new_blog is obsolete and since wp 5.1.0 is now substituted by -> wp_insert_site
all about wp mums will be checked and eventually fixed on 2.0.2.

More code cuts about redundant and (really not needed) redirects.

Fix a secondary security bug into the custom config.php file, if used. To fix, it's needed to add just a line of code on top of the file, just after the starting <?php tag:

Code: Select all

defined( 'ABSPATH' ) or die( 'forbidden' );
...

Top