Significant Code Error WRT to Password-Protected Posts
3 views
Skip to first unread message
martha
Nov 9, 2011, 10:36:47 AM11/9/11
to Digress.it
Hi,
I've been working on a project involving digress.it, and the last step
was using password-protection on a post level. I tested this feature
out and got some very strange results. Basically, when I add a
password to a post, and then visit the post and enter the correct
password, I get redirected here: http://digwp.com/wp-login.php.
I checked the single.php template and, sure enough, the password form
has the following code:
<form method="post" action="http://digwp.com/wp-pass.php">
I went ahead and tested this on a site at digress.it, and had the same
result.
It looks like that some point the code was corrupted with a call to a
script on the digwp.com site.
The fix, for me, was simply to change the code to <form method="post"
action="/wp-includes/wp-pass.php">
I'm surprised that I can't find any other reports of this bug, but I
think it's significant enough to mention here. Is there a bug
reporting system that I should put this in?
Thanks,
Martha Burtis
I've been working on a project involving digress.it, and the last step
was using password-protection on a post level. I tested this feature
out and got some very strange results. Basically, when I add a
password to a post, and then visit the post and enter the correct
password, I get redirected here: http://digwp.com/wp-login.php.
I checked the single.php template and, sure enough, the password form
has the following code:
<form method="post" action="http://digwp.com/wp-pass.php">
I went ahead and tested this on a site at digress.it, and had the same
result.
It looks like that some point the code was corrupted with a call to a
script on the digwp.com site.
The fix, for me, was simply to change the code to <form method="post"
action="/wp-includes/wp-pass.php">
I'm surprised that I can't find any other reports of this bug, but I
think it's significant enough to mention here. Is there a bug
reporting system that I should put this in?
Thanks,
Martha Burtis
Eddie A Tejeda
Nov 9, 2011, 11:23:45 AM11/9/11
to digr...@googlegroups.com
Thank you for this report. This was something that has been fixed in the development code base for some time, but it never made it to the public repository. I made an emergency release v 3.1.2.
It seems that when I added support for password protection, I copied some sample code and didn't change the URL. I was concerned it might have been a security issue, but it appears the error was in the initial code. Here is the diff.
http://code.google.com/p/digressit/source/diff?path=/trunk/themes/digressit-wireframe/single.php&format=side&r=230&old_path=/trunk/themes/digressit-wireframe/single.php&old=226
--
Eddie A Tejeda
It seems that when I added support for password protection, I copied some sample code and didn't change the URL. I was concerned it might have been a security issue, but it appears the error was in the initial code. Here is the diff.
http://code.google.com/p/digressit/source/diff?path=/trunk/themes/digressit-wireframe/single.php&format=side&r=230&old_path=/trunk/themes/digressit-wireframe/single.php&old=226
--
Eddie A Tejeda
--
You received this message because you are subscribed to the Google Groups "Digress.it" group.
To post to this group, send email to digr...@googlegroups.com.
To unsubscribe from this group, send email to digressit+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/digressit?hl=en.
Reply all
Reply to author
Forward
0 new messages