Passcode Option does not validate the 6-digit password | ww.wp.xz.cn

dmireanu
(@dmireanu)

13 years, 5 months ago

Hello,

I’m not sure if this is a problem that only I am having, but when the passcode option is enabled (i.e. “Require a Passcode to RSVP:” is set to Yes in the Options dialog), it still allows me to enter in any password (i.e. not the one I set as the 6-letter password) and be able to edit the RSVP. This seems like a security flaw.

I’ve been doing some digging into the code, and with my limited knowledge of PHP, I was able to find out the following:
– In the rsvp_frontend_handler function, the $passcodeOptionEnabled is set to TRUE.
– In the rsvp_find function, the $passcodeOptionEnabled is set to FALSE
I found this out by using a simple IF statement and an ECHO function.

The only way I could get the script to work properly was to insert the following line in the code for the rsvp_find function. I believe the $passcodeOptionEnabled needs to be defined in every function where this is called, as it is not a global function.
$passcodeOptionEnabled = (get_option(OPTION_RSVP_PASSCODE) == "Y") ? true : false;

Hope this is correct.

Great script by the way.

http://ww.wp.xz.cn/extend/plugins/rsvp/

Viewing 1 replies (of 1 total)

mdedev
(@mdedev)

13 years, 3 months ago

Hi,

Thanks for the bug report. I fixed this issue about a month ago. Sorry about that.

-Mike

Viewing 1 replies (of 1 total)

The topic ‘Passcode Option does not validate the 6-digit password’ is closed to new replies.

1 reply
2 participants
Last reply from: mdedev
Last activity: 13 years, 3 months ago
Status: not resolved