WordPress.org

Ready to get started?Download WordPress

Forums

Rename wp-login.php
[resolved] Tiny critical error (10 posts)

  1. Tim Brugman
    Member
    Posted 4 months ago #

    Hi. I'm getting an undefined offset 1 at line 496 in rename-wp-login.php. Could you patch this? It requires an isset().

    Thanks!

    https://wordpress.org/plugins/rename-wp-login/

  2. Janneke Van Dorpe
    Member
    Plugin Author

    Posted 4 months ago #

    Which version of WordPress are you running? Could you var_dump( $GLOBALS['wp_version'] );? If you get this error it means it doesn't have a minor version number, which is weird...

  3. Tim Brugman
    Member
    Posted 4 months ago #

    That var outputs 3.8.1, but I'm also running a security plugin which might obscure the version number when obtained through a WP function.

  4. Janneke Van Dorpe
    Member
    Plugin Author

    Posted 4 months ago #

    It's not obtained through a function... Could you var_dump it just were the plugin is giving a notice? Sorry, I really need to know why there is unexpected output there. I'm also guessing that when you go to your login page, there's something wrong with the stylesheets? You're running rwl-login-3.9.php instead of rwl-login-3.8.php.
    I'd be really grateful if you could check, because this is pretty critical for future WP versions...

  5. Tim Brugman
    Member
    Posted 4 months ago #

    No problem. I can confirm the security plugin hides up the version when pre-printed from within the plugin. This is just me F5ing: http://i.imgur.com/X076sLX.png Could you make it work with a fake version number?

  6. Janneke Van Dorpe
    Member
    Plugin Author

    Posted 4 months ago #

    That's bad. No plugin should change that. Unfortunately this plugin requires 3.8 and uses different files based on the version. If your security plugin changes it to a version lower than 3, this plugin will not work at all because of

    if ( version_compare( $wp_version, '3.8', '<' ) ) {
    
    	return;
    
    }
  7. Tim Brugman
    Member
    Posted 4 months ago #

    It's a feature of Better WP Security (soon iThemes Security), they warn it might break plugins so I can't fault either of you but I value the vulnerability it patches.

    To make rename wp-login compatible I would check if there is a sub-version, if not, disregard the version and assume its running the latest WordPress.

  8. Janneke Van Dorpe
    Member
    Plugin Author

    Posted 4 months ago #

    Not easy to do. I added 3.9 compatibility before 3.9 gets released. So the latest version would be 3.9, but you're running 3.8. So I'd have to manually change the version on the date of the release or after (will cause breakage), or guess the date and time WordPress upgrades itself (impossible). All I can say it's a very bad idea to change the version number. A lot of things rely on it, even in core. If you want to hide the version, you should just make sure it's not revealed on the front-end. You should hide the generator tag and query strings attached to scripts.

  9. Janneke Van Dorpe
    Member
    Plugin Author

    Posted 4 months ago #

    I'll fix this problem, but by fixing it, it will be unusable if you change the version. I'll have to require a minor version number.

  10. Tim Brugman
    Member
    Posted 4 months ago #

    I see, I didn't think about the 3.9 part. For now I've disabled the security feature. Thanks for your very speedy help. :)

Reply

You must log in to post.

About this Plugin

About this Topic