!IMPORTANT: Old bug about LOGIN FAIL on WP discovered: just resolved on patched 1.5.7

Post by axew3 »

A bug that was coming out on some servers, and not on many others (or maybe the contrary), has just been resolved. It is an important bug fix.

The password, if it was not properly escaped and contained special chars, was leading to user login failure on some servers and not others. I finally encountered this big bug on a CentOS server. It has for sure caused failed installations for many users, and all the reported problems about WP login failing after plugin install.

Finally, all the mess has been resolved with just this:

file wp_w3all.php
search for code:

```php
$check = $wp_hasher->CheckPassword($password, $hash);
```

replace with:

```php
$password = esc_attr($password);
$check = $wp_hasher->CheckPassword($password, $hash);
```

The WP_w3all 1.5.7 wp_w3all.php file has been updated on repo, while 1.5.8 is coming.
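
The failure mode described in the post, as an added example that is not part of the original post or the plugin's code: a hash computed over an escaped password only verifies when the submitted password is escaped the same way before the check. Assumptions: the stored hash was made from the escaped form, `htmlspecialchars()` stands in for `esc_attr()`, PHP's built-in `password_hash()`/`password_verify()` stand in for `$wp_hasher`, and all function names and sample passwords are constructed for illustration.

```php
<?php
// Added illustration, not code from wp_w3all.php.
// Assumption: the side that stored the hash escaped HTML special characters
// in the password before hashing it. htmlspecialchars() stands in for that
// escaping step and for esc_attr(), so the script runs outside WordPress.

function normalize_password(string $password): string
{
    // The storing side and the checking side must apply the same
    // normalisation with the same flags, or the hashes will not match.
    return htmlspecialchars($password, ENT_COMPAT, 'UTF-8');
}

function store_hash(string $password): string
{
    // Hypothetical "registration" side: hash the escaped form.
    return password_hash(normalize_password($password), PASSWORD_BCRYPT);
}

function check_raw(string $password, string $hash): bool
{
    // Behaviour before the fix: the submitted password is compared as typed.
    return password_verify($password, $hash);
}

function check_escaped(string $password, string $hash): bool
{
    // Behaviour after the fix: escape first, then compare.
    return password_verify(normalize_password($password), $hash);
}

// Constructed sample passwords, not taken from any real account.
$samples = ['correcthorse42', 'p&ssw0rd', 'a<b>c', 'say"hi"'];

foreach ($samples as $password) {
    $hash = store_hash($password);
    printf(
        "%-16s raw check: %-4s escaped check: %s\n",
        $password,
        check_raw($password, $hash) ? 'ok' : 'FAIL',
        check_escaped($password, $hash) ? 'ok' : 'FAIL'
    );
}
```

Only the passwords containing characters that the escaping step rewrites fail the raw check, which is why accounts with plain alphanumeric passwords never showed the problem. The escaping used at check time has to match the one used when the hash was created, including how quotes are handled.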