!IMPORTANT: Old bug about LOGIN FAIL on WP discovered: just resolved on patched 1.5.7
Posted: Thu Jan 12, 2017 11:11 pm
Has been just resolved a bug that was coming out on some servers, and not on many others (or maybe the contrary). It is an important bug resolved.
It was the password that if was not properly escaped, and containing special chars inside, was leading to the user login failure on some servers and not others. I've finally encounter this big bug into a CentOS server. It have for sure cause fail installations for many users, and all reported problems about WP login fail after plugin install.
Finally all the mess have been resolved with just this:
file wp_w3all.php
search for code:
replace with:
The WP_w3all 1.5.7 wp_w3all.php file has been updated on repo, while 1.5.8 is coming.
It was the password that if was not properly escaped, and containing special chars inside, was leading to the user login failure on some servers and not others. I've finally encounter this big bug into a CentOS server. It have for sure cause fail installations for many users, and all reported problems about WP login fail after plugin install.
Finally all the mess have been resolved with just this:
file wp_w3all.php
search for code:
Code: Select all
$check = $wp_hasher->CheckPassword($password, $hash);
Code: Select all
$password = esc_attr($password);
$check = $wp_hasher->CheckPassword($password, $hash);