WordPress 1.2.1 Email Issue Solved
Just a quickie: I'd had a problem with the WordPress 1.2.1 install that was issued to cover the cross-site scripting vulnerabilities recently discovered (which apparently also affect certain other blog software). I was somewhat "lucky" in that I'd had login problems with the upgrade; this allowed me to discover that the "email the password" feature sent the password in (unusable) Base64 code.
I dislike speculating on what caused the problem because, while entirely possible/probable, I could not stand by speculation as absolutely true. Suffice it to say that the files in the .tar file work.
2 Comments to "WordPress 1.2.1 Email Issue Solved"
Have your say ...
If this is your first comment, it will be held for moderation (but comments are appreciated). Otherwise, just be courteous, don't drop links unless highly pertinent — and no substituting keywords for your name. Posters must be 16 or older. We use Akismet, so if you don't see your non-spam comment posted, contact me.
Frenchie91 says:
Comment posted on 10/13/04 @ 10:43 pm
Diane,
You should check this. http://wordpress.org/pipermail/hackers_wordpress.org/2004-October/002284.html
Apparently we've stumbled on a bug in wp-login.php Not quite sure how. Try doing a search on mb and changing the code as indicated. Even if it doesn't work correctly, you should be able to change the password via MySQL without it resetting afterwards. Good luck!
Diane says:
Comment posted on 10/13/04 @ 10:59 pm
Excellent, Frenchie91! I appreciate your letting me know. I'll try out the hack later tonight and post back at the WP forums.
Again, much appreciated.