NOT A BUG – Security

It’s pretty simple, actually. An Author (or anyone who has rights to edit a post) can add a section to a post that is password protected. It is up to that person to distribute the password to those who are authorized to view that content. It is assumed that you are not trying to protect anything from others that have publishing or admin access to your site.

Understood. Thank you.

Can you elaborate on how the crypt() function is used? How is the encryption algorithm used if the password is visible in plain text? In other words, is it that when the post is saved, the password is hashed and the hash is stored in the DB as well? And then when the user provides a password, it is compared to the hash? And the plain text one just exists in the post for reference or historical purposes?

Thanks!

Most of that is correct. The password is stored in plaintext as part of the post content, the unspoken assumption here is that anyone authorized to edit a post with protected content is also authorized to view and edit that content. A hash is generated on-the-fly and is sent as part of the access form. This is what the password gets compared to. This hash (and the salt used to generate the hash) is unique to each pageload (unless you’re caching your password hashes in the settings).

Thanks so much for this information!

Really appreciate you taking the time to respond.

Thanks!

I have a problem with the last update

Generally I use it in this way

See the error: ?Please enter and see the ERROR?

captcha should go in the bottom of the post

codes that are inserted into the post
____________________________________________

<strong><span style="font-family: georgia; font-size: 20px; color: black; font-weight: normal;">Testing</span></strong>

<img src="https://s8.postimg.org/ajayh8lbp/demi_lovato_demi_lovato_sonrisa_demi_lovato.jpg" alt="" />
<!--more--><img src="https://s29.postimg.org/w88dng9hj/ariana_grande_cumple_22_anos_lo_sabes_todo.jpg" alt="" />
<code>
<span style="color: #000000;">Testing</span></strong>

[content_protector password="CAPTCHA"]
SECRET CONTENT
<img src="https://s13.postimg.org/5883d8yfb/ariana_grande_ariana_grande_concierto_ariana.jpg" alt="" />
</strong>
[/content_protector]

____________________________________________

The error occurs when sending post

and I see the publication

The captcha is placed on the top of the post

That should not be so

please if you can repair the problem

this page is only for test

Now note
shortcode that I have in over 5000 post

[content_protector password="CAPTCHA"][/content_protector]

and it’s not fair that my whole blog miscarry

Hi, mateuriko.

If you require support, please begin a new topic and ask your questions there. Thank you.

P.S. Your bug is fixed in 2.6.2. ??