[wpmu-trac] [WordPress MU Trac] #1103: Wrong id reference used in login_spam_check
WordPress MU Trac
wpmu-trac at lists.automattic.com
Sun Aug 30 05:07:29 UTC 2009
#1103: Wrong id reference used in login_spam_check
------------------------------+---------------------------------------------
Reporter: johnjosephbachir | Owner: somebody
Type: defect | Status: new
Priority: normal | Milestone:
Component: Security | Version:
Severity: critical | Keywords:
------------------------------+---------------------------------------------
See attached patch. The deprecated 'id' is being used before it is added
to that object, further down in wp_authenticate_username_password().
Because of PHP's unfortunate default behavior in terms of dealing with
unassigned values and error reporting, this is only detectable when errors
are set to E_NOTICE, and they are printed to the screen.
I'm fairly certain that this means that is_user_spammy is '''NEVER'''
being actually applied to the user object.
--
Ticket URL: <http://trac.mu.wordpress.org/ticket/1103>
WordPress MU Trac <http://mu.wordpress.org/>
WordPress Multiuser
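
The failure mode reported in this ticket, as an added example that is not part of the original message and is not WordPress MU's code: a check that reads an unassigned property fails open under quiet error reporting, shown beside a corrected form and an error handler that surfaces the bad read. `$spam_user_ids`, `is_flagged`, `spam_check_weak` and `spam_check_fixed` are hypothetical stand-ins, and the sample user is constructed.

```php
<?php
// Constructed stand-ins for illustration; not WordPress MU code.
$spam_user_ids = array(42); // hypothetical IDs of accounts flagged as spam

function is_flagged($user_id, array $spam_ids) {
    return in_array($user_id, $spam_ids, true);
}

// Weak form: reads the lowercase alias before anything has assigned it.
function spam_check_weak($user, array $spam_ids) {
    // The undefined property evaluates to null, so no account ever matches.
    return is_flagged($user->id, $spam_ids);
}

// Corrected form: reads the property that exists and fails closed without it.
function spam_check_fixed($user, array $spam_ids) {
    if (!isset($user->ID)) {
        throw new RuntimeException('user object has no ID; refusing login');
    }
    return is_flagged((int) $user->ID, $spam_ids);
}

$user = new stdClass();
$user->ID = 42; // constructed sample: a flagged account

// 1. Quiet error reporting: the weak check fails open with no visible sign.
error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);
echo 'weak, quiet:  ', var_export(spam_check_weak($user, $spam_user_ids), true), "\n";

// 2. Promote notices and warnings to exceptions so the bad read cannot pass
//    silently (PHP 8 reports an undefined property as a warning).
error_reporting(E_ALL);
set_error_handler(function ($severity, $message, $file, $line) {
    throw new ErrorException($message, 0, $severity, $file, $line);
}, E_NOTICE | E_WARNING);

try {
    spam_check_weak($user, $spam_user_ids);
    echo "weak, strict: no error raised\n";
} catch (ErrorException $e) {
    echo 'weak, strict: ', $e->getMessage(), "\n";
}

// 3. The corrected check sees the real ID and flags the account.
echo 'fixed:        ', var_export(spam_check_fixed($user, $spam_user_ids), true), "\n";
```

Running security-relevant code paths with notices promoted to exceptions in development and CI catches this class of fail-open check before it ships.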