administrator unlock, case sensitivity

  • Hi,

    First, thanks for the great plugin, we use it on nearly all of our client’s sites (north of 100).

    Recently we encountered an issue where we’ve noticed that the administrator unlock form, @ wfUnlockMsg.php seems to be case sensitive. I did some code diving in wordfenceClass.php and I can see the functions that control this lines 977+ and it looks like the logic is fine, I’ve even made it output the query just in case and then ran the query directly against the database. The query when run directly against the database is fine, HOWEVER, if you run it through the form, it seems to convert it’s logic to case-sensitive.

    So if a user admin’s email is [email protected] and you type [email protected] the email will never get sent, likewise if it was [email protected] and you do [email protected] it will also never get sent.

    I’ve tested this in multiple environments.
    1. CentOS – LEMP – MariaDB & MySQL
    2. CentOS – LAMP – MariaDB & MySQL
    3. Ubuntu – LEMP – MySQL
    4. Ubuntu – LAMP – MySQL
    5. Amazon Linux – LAMP – Aurora DB

    All with updated versions of WP. Also spread across multiple vendors. e.g. Amazon, Rackspace, MediaTemple, DigitalOcean and Hostgator.

    I spot checked the DB collations and for the most part they were
    utf8mb4 and utf8.

    Lastly, I’ve checked mail deliverability mainly using Mailgun since it has better reporting tools, and the emails that don’t match never make it the email process, however, work as expected when they do.

    Thanks for your time and let me know if there’s anything else I can do to help you identify any potential issues.

    – Lucas

    • This topic was modified 8 years, 5 months ago by simplistik. Reason: removed redundant verbiage
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘administrator unlock, case sensitivity’ is closed to new replies.