[CMSP-467] Please don't strip all tags from the cache password. #431

dgaastra · 2023-06-17T15:33:36Z

Thanks for developing such a great plugin and maintaining it.

I noticed a bug: commenting it out helped:

                                    'auth' => isset( $_SERVER['CACHE_PASSWORD'] ) ? /*wp_strip_all_tags(*/ $_SERVER['CACHE_PASSWORD']/* )*/ : '',

ERRORS:
[1] This corrupts our passwords and authentication fails.
[2] If the CACHE_PASSWORD is provided as a user+pw pair, WP errors that it needs a string.

Thanks for looking into this.
Dennis

The text was updated successfully, but these errors were encountered:

pwtyler · 2023-06-20T17:20:19Z

Thanks for the report! Tracking internally as CMSP-467. Looks like another unintended side-effect of #400.

…er issues * Fixes pantheon-systems#433 * Fixes $432 * Fixes pantheon-systems#431 * Further clean-up & standardization between object-cache.php & wp-redis.php. * Fixes incorrect order of array_replace_recursive arguments. * Addresses issue with port still not being null for socket connections due to defaults array_repalce_recursive use.

…er issues * Fixes pantheon-systems#433 * Fixes pantheon-systems#432 * Fixes pantheon-systems#431 * Further clean-up & standardization between object-cache.php & wp-redis.php. * Fixes incorrect order of array_replace_recursive arguments. * Addresses issue with port still not being null for socket connections due to defaults array_repalce_recursive use.

…er issues (#434) * fix: Fixes incorrect order of array_replace_recursive arguments & other issues * Fixes #433 * Fixes #432 * Fixes #431 * Further clean-up & standardization between object-cache.php & wp-redis.php. * Fixes incorrect order of array_replace_recursive arguments. * Addresses issue with port still not being null for socket connections due to defaults array_repalce_recursive use. * fix: Fixes sanitization methods and linting issues * Adjusts some items to use type-based sanitization. * Adds linting expection handling with comments for cases that require it. * fix: Removes invalid change made in #437 * Reverts this incorrect change that was made due to the incorrect use of `array_replace_recursive()`. * update changelog * Update wp-redis.php * update language in changelogs * fix missing closing ) --------- Co-authored-by: Chris Reynolds <[email protected]> Co-authored-by: Phil Tyler <[email protected]>

dgaastra · 2023-06-27T12:24:24Z

Thanks and greetings from Bavaria

pwtyler changed the title ~~Please don't strip all tags from the cache password.~~ [CMSP-467] Please don't strip all tags from the cache password. Jun 20, 2023

pwtyler mentioned this issue Jun 20, 2023

[CMSP-470] Replace use of wp_strip_all_tags (possibly any wp filter function?) in object-cache.php #432

Closed

timnolte mentioned this issue Jun 21, 2023

fix: Fixes incorrect order of array_replace_recursive arguments & other issues #434

Merged

jazzsequence mentioned this issue Jun 22, 2023

test fork pr-434 #436

Closed

jazzsequence closed this as completed in #434 Jun 23, 2023

jazzsequence closed this as completed in c3a5242 Jun 23, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[CMSP-467] Please don't strip all tags from the cache password. #431

[CMSP-467] Please don't strip all tags from the cache password. #431

dgaastra commented Jun 17, 2023

pwtyler commented Jun 20, 2023

dgaastra commented Jun 27, 2023

[CMSP-467] Please don't strip all tags from the cache password. #431

[CMSP-467] Please don't strip all tags from the cache password. #431

Comments

dgaastra commented Jun 17, 2023

pwtyler commented Jun 20, 2023

dgaastra commented Jun 27, 2023