by axew3 » Thu Jan 12, 2017 11:11 pm
Has been just resolved a bug that was coming out on some servers, and not on many others (or maybe the contrary). It is an important bug resolved.
It was the password that if was not properly escaped, and containing special chars inside,
was leading to the user login failure on some servers and not others. I've finally encounter this big bug into a CentOS server.
It have for sure cause fail installations for many users, and all reported problems about WP login fail after plugin install.
Finally all the mess have been resolved with just this:
file
wp_w3all.php
search for code:
Code: Select all
$check = $wp_hasher->CheckPassword($password, $hash);
Code: Select all
$password = esc_attr($password);
$check = $wp_hasher->CheckPassword($password, $hash);
The WP_w3all 1.5.7
wp_w3all.php file has been updated on repo, while 1.5.8 is coming.
[size=120][b]Has been just resolved a bug that was coming out on some servers, and not on many others (or maybe the contrary). It is an important bug resolved.[/b][/size]
It was the password that if was not properly escaped, and containing special chars inside,[b] was leading to the user login failure on some servers and not others[/b]. I've finally encounter this big bug into a CentOS server. [b]It have for sure cause fail installations for many users, and all reported problems about WP login fail after plugin install.[/b]
[b]Finally all the mess have been resolved with just this:[/b]
file [b]wp_w3all.php[/b]
[i]search for code:[/i]
[code]$check = $wp_hasher->CheckPassword($password, $hash);[/code]
[b]replace with:[/b]
[code]$password = esc_attr($password);
$check = $wp_hasher->CheckPassword($password, $hash);[/code]
The WP_w3all 1.5.7 [b]wp_w3all.php [/b] file has been updated on repo, while 1.5.8 is coming.