mkwprel

Just tried to reproduce it, with and without option “Swipe” enabled the issue has disappeared. So my workaround is obsolete, thanks!

Sorry, this introduced a new bug (PHP Fatal error: Maximum function nesting level of ‘100’ reached, aborting), so I changed this function to:

function rw_cryptx_generate_hash($string) {
		$string = str_replace("&", "&", $string);
		$blacklist = array(
							'32',	// Space
							'34',	// Double quote
							'39',	// Single quote
							'60',	// Less than
							'62',	// Greater than
							'63',	// Question mark
							'92',	// Backslash
							'94',	// Caret - circumflex
							'96',	// Grave accent
							'127',	// Delete
						);
        $crypt	= '';
        $ascii	= 0;

        for ($i = 0; $i < strlen( $string ); $i++) {

            do {
    	    	$salt	= mt_rand(0, 3);
                $ascii = ord ( substr ( $string, $i ) ) + $salt;
                if (8364 <= $ascii) {
                    $ascii = 128;
                }

            } while ( in_array($ascii, $blacklist) ); // blacklisted chars are impossible for hash! retry with new random...
            
            $crypt .= $salt.chr($ascii);
        }
        return $crypt;
}

This code runs with better performance and no recursion issues.

I found the same discrepancy, but unpacking those files and running “diff -r <plugin-before> <plugin-later>” showed no differences. So only the zip-files differ, not their content. This is bad for security aware people, because you cannot easily distinguish between original and man-in-the-middle changed files.