6hogan
Forum Replies Created
-
Forum: Plugins
In reply to: [Authorizer] Page naming security bugIt works correct now even with a space or %20. Thank you!
This plugin is a game-changer for WordPress. Outstanding job!Forum: Plugins
In reply to: [Authorizer] Page naming security bugI created a new site. Removed all other plugins on the site. and almost all the pages except 3 pages.
Added:
$current_page_id = empty( $wp->request ) ? ‘home’ : $this->get_id_from_pagename( $current_page_name );
if ( ! array_key_exists( ‘access_public_pages’, $auth_settings ) || ! is_array( $auth_settings[‘access_public_pages’] ) ) {
$auth_settings[‘access_public_pages’] = array();
}
error_log( “Page slug: $current_page_name; Page ID: $current_page_id.” );
error_log( print_r( $auth_settings[‘access_public_pages’], true ) );
if ( in_array( $current_page_id, $auth_settings[‘access_public_pages’] ) ) {
if ( $auth_settings[‘access_public_warning’] === ‘no_warning’ ) {
update_option( ‘auth_settings_advanced_public_notice’, false );
} else {
update_option( ‘auth_settings_advanced_public_notice’, true );
}Here is the output:
https://docs.google.com/document/d/1clDQQjVT95n6V7i9jM7cC05DCxDYT-oYqy0YhPmcTgA/edit?usp=sharing
Forum: Plugins
In reply to: [Authorizer] Page naming security bugThere is no similar page and I have duplicated this issue on three different sites with different page names.
Is there any way to sanitize it before trying authentcation?https://codex.ww.wp.xz.cn/Function_Reference/sanitize_title_with_dashesForum: Plugins
In reply to: [Authorizer] Page naming security bugThanks Paul,
See https://docs.google.com/document/d/198GePAcjngKJIwVJlWAOumatJQ9YPD8YNznMLJloEWA/edit?usp=sharing for all the detailsForum: Plugins
In reply to: [Authorizer] Page naming security bugIf I name the page “sample page” the permalink is https://example.com/sample-page. It will then prompt me to authenticate when I go to that URL.
If I then open a different session and enter https://example.com/sample page (leaving a space instead of the dash) it will load the page as https://example.com/sample%20page and let me go right to the page with no authentication.
Thank you!