http://wordpress.org/support/ WordPress › Support Topic: [Plugin: WP Security Scan] Bug: Database Security - database.php en Thu, 26 Nov 2009 02:48:52 +0000 http://wordpress.org/support/topic/286263#post-1281840 Sun, 15 Nov 2009 04:00:18 +0000 erigami 1281840@http://wordpress.org/support/ <p>Uh, can you explain a little bit more about Bug 2? I maintain <a href="http://wordpress.org/extend/plugins/miniposts/">a plugin</a> that is apparently causing its users problems with a "You do not have sufficient permissions to access this page." message. One of my users pointed me here and I'm curious what the implications of #2 are.</p> <p>Thanks,<br /> e </p> http://wordpress.org/support/topic/286263#post-1124781 Fri, 03 Jul 2009 12:59:01 +0000 KrX 1124781@http://wordpress.org/support/ <p>Bug 1. Function where wp-config.php gets changed.<br /> Function will replace &lt;b&gt;all&lt;/b&gt; instances of $GLOBALS['table_prefix'], even if value it is replacing is not $table_prefix = 'foobar';<br /> e.g. New prefix: "foo". If the username is &lt;i&gt;define('DB_USER', 'wp_');&lt;/i&gt; (happens to be &lt;i&gt;wp_&lt;/i&gt;), the username will also be changed to "foo".<br /> (Line 141 of database.php)<br /> Suggestion: make criteria for &lt;i&gt;str_replace&lt;/i&gt; include: &lt;i&gt;$table_prefix = '&lt;/i&gt; and &lt;i&gt;';&lt;/i&gt; like:<br /> $table_prefix = 'kwapc_';<br /> $line = str_replace("$table_prefix = '".$GLOBALS['table_prefix']."';", "$table_prefix = '".$newpref."';", $line);</p> <p>Bug 2. MySQL: Table wp_usermeta's whose meta_key value == "wp_capabilities" and "wp_metaboxorder_dashboard" do not get changed into the new prefix values.<br /> This causes Wordpress to output errors like "You do not have sufficient permissions to access this page.", especially in administration pages. </p>