10/12/2004

WordPress 1.2.1 Email Issue Solved

Just a quickie: I'd had a problem with the WordPress 1.2.1 install that was issued to cover the cross-site scripting vulnerabilities recently discovered (which apparently also affect certain other blog software). I was somewhat "lucky" in that I'd had login problems with the upgrade; this allowed me to discover that the "email the password" feature sent the password in (unusable) Base64 code.

I dislike speculating on what caused the problem because, while entirely possible/probable, I could not stand by speculation as absolutely true. Suffice it to say that the files in the .tar file work.

2 Comments to "WordPress 1.2.1 Email Issue Solved"

  1. Frenchie91 says:

    Diane,
    You should check this. http://wordpress.org/pipermail/hackers_wordpress.org/2004-October/002284.html
    Apparently we've stumbled on a bug in wp-login.php Not quite sure how. Try doing a search on mb and changing the code as indicated. Even if it doesn't work correctly, you should be able to change the password via MySQL without it resetting afterwards. Good luck!

  2. Diane says:

    Excellent, Frenchie91! I appreciate your letting me know. I'll try out the hack later tonight and post back at the WP forums.

    Again, much appreciated.

Have your say ...

First-time comments will be held for moderation (but comments are appreciated). Otherwise, just be courteous. If your name is a bunch of keywords, your comment will be deleted. Don't post links unless highly pertinent. Posters must be 16 or older.

Manage your subscriptions

Archives
© 2004-2017 DianeV Web Design Studio. All Rights Reserved.
28 queries. 0.202 seconds.