Deprecated: pathinfo(): Passing null to parameter #1 ($path) of type string is deprecated in /data/sites/web/remonpelnl/www/wp-content/plugins/crayon-syntax-highlighter/crayon_langs.class.php on line 84
So. Fair warning. RANT incoming!.
Recently been working on an issue regarding GravityForms. When a visitor submits a file, the file is stored in a ‘secure’ location, which uses wp_hash to determine this ‘secure’ filepath. The link in the email is also ‘secured’ with this hash. Now, is this wrong? no. but it is also NOT correct. As you see, wp_hash uses the AUTH salt and key, which are used for user authentication, aka, login. One of the security measures we take is to prefix the AUTH tokens with a few things that make sure the user is logged out (for example) when the internet connection changes. (Your laptop gets stolen, that sucks, but your website login is invalid, so that stays safe.)
But when the AUTH tokens change …
Continue reading “This madness has to end! (WordPress hashing)”