Bug line 325 password-protected.php #194
Comments
|
This appears to happen when no password is set, or when there was an error setting a password -- I failed to fill the "repeat password" field in the admin settings. When I corrected that, the error went away. Of course this should not happen in the first place. I haven't had time to really look into it, but I guess Also no good idea where to catch this. I'm on a very fresh WP 6.1.1, no other plugins. Here's a stack trace:
|
|
ARGGH the stack trace contained hash-number (now corrected), so I just mentioned issues 1 through 9... |
I tested this plugin after setting up a simple site password "1235".
Attemoting to login got an error message that one of the args being passed to hash_equals() on line 325 was boolean not string,
Changing hash_equals($pwd...) to hash_equals( (string)$pwd...) didn't help. So I suspect its the 2nd arg that's the issue.
When I bypassed the test totally, by changing if (hash_equals(...) || ... to if (true || hash_equals(...) || ... , login worked fine, so it's definitely some typecasting error going on somewhere, that errors in that line.
Asked a friend to test from their phone, some miles away. Different device and connection. Same exact thing.
And yes, I can see that it just called md5() on the $_REQUEST value of the password, which should return a string. I have no idea why this error happened. Maybe someone else does?
The text was updated successfully, but these errors were encountered: