administrator unlock, case sensitivity

  • simplistik

    (@simplistik)


    9 years, 6 months ago

    Hi,

    First, thanks for the great plugin, we use it on nearly all of our client’s sites (north of 100).

    Recently we encountered an issue where we’ve noticed that the administrator unlock form, @ wfUnlockMsg.php seems to be case sensitive. I did some code diving in wordfenceClass.php and I can see the functions that control this lines 977+ and it looks like the logic is fine, I’ve even made it output the query just in case and then ran the query directly against the database. The query when run directly against the database is fine, HOWEVER, if you run it through the form, it seems to convert it’s logic to case-sensitive.

    So if a user admin’s email is userabcd@email.com and you type USerABCD@email.com the email will never get sent, likewise if it was UserAbcd@email.com and you do userabcd@email.com it will also never get sent.

    I’ve tested this in multiple environments.
    1. CentOS – LEMP – MariaDB & MySQL
    2. CentOS – LAMP – MariaDB & MySQL
    3. Ubuntu – LEMP – MySQL
    4. Ubuntu – LAMP – MySQL
    5. Amazon Linux – LAMP – Aurora DB

    All with updated versions of WP. Also spread across multiple vendors. e.g. Amazon, Rackspace, MediaTemple, DigitalOcean and Hostgator.

    I spot checked the DB collations and for the most part they were
    utf8mb4 and utf8.

    Lastly, I’ve checked mail deliverability mainly using Mailgun since it has better reporting tools, and the emails that don’t match never make it the email process, however, work as expected when they do.

    Thanks for your time and let me know if there’s anything else I can do to help you identify any potential issues.

    – Lucas

    • This topic was modified 9 years, 6 months ago by simplistik. Reason: removed redundant verbiage
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)

The topic ‘administrator unlock, case sensitivity’ is closed to new replies.