[CMSP-467] Please don't strip all tags from the cache password.

pantheon-systems / wp-redis

WordPress Object Cache using Redis.

https://wordpress.org/plugins/wp-redis/

GNU General Public License v2.0

225 stars 67 forks source link

[CMSP-467] Please don't strip all tags from the cache password. #431

Closed dgaastra closed 1 year ago

dgaastra commented 1 year ago

Thanks for developing such a great plugin and maintaining it.

I noticed a bug: commenting it out helped:

                                    'auth' => isset( $_SERVER['CACHE_PASSWORD'] ) ? /*wp_strip_all_tags(*/ $_SERVER['CACHE_PASSWORD']/* )*/ : '',

ERRORS: [1] This corrupts our passwords and authentication fails. [2] If the CACHE_PASSWORD is provided as a user+pw pair, WP errors that it needs a string.

Thanks for looking into this. Dennis

pwtyler commented 1 year ago

Thanks for the report! Tracking internally as CMSP-467. Looks like another unintended side-effect of #400.

dgaastra commented 1 year ago

Thanks and greetings from Bavaria