Make WordPress Core

Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#3445 closed defect (bug) (worksforme)

Can't view Password Protected Pages

Reported by: handysolo's profile HandySolo Owned by: westi's profile westi
Milestone: Priority: normal
Severity: normal Version: 2.0.5
Component: Security Keywords: reporter-feedback
Focuses: Cc:

Description

Originated via WordPress support forum: http://wordpress.org/support/topic/89553?replies=10

A Page can be password protected, but entering the password refreshes the password prompt page. There doesn't appear to be a way for the reader to ever actually see the page.

I've reproduced it on a couple of 2.0.5 installs (as have others in the referenced support thread).

As we no longer appear to put old versions at http://static.wordpress.org/archive/ I've not been able to test previous 2.0.x releases.

Change History (11)

#1 @westi
18 years ago

  • Keywords reporter-feedback added
  • Owner changed from anonymous to westi
  • Status changed from new to assigned

I've just tried to reproduce this on branches/2.0 and cannot.

It works fine for both password protected posts and pages (both use the same code path)

  1. Are any plugins enabled?
  2. Does a hard refresh of the page once the password has been entered fix the issue?
  3. Is the cookie getting set in your browser? It will be called something like wp-postpass_<<md5hash>>

#2 @markjaquith
18 years ago

Also cannot reproduce using Default theme on WP 2.0.5 and WP 2.0.6 beta 1 both with ?page_id=N URLs and /passworded-post/ URLs

Westi's questions should help steer toward the source of the problem.

#3 @markjaquith
18 years ago

Also, if you could set up a passworded page and give us the URL and password, that would help.

#4 @HandySolo
18 years ago

I've set my theme to Default:

http://www.solo-technology.com/blog/disclaimer/
Password is foobar

#5 @HandySolo
18 years ago

Apologies, I should share more details.

Using Firefox 2.
No luck with hard refresh
wp-postpass_(buncha stuff) cookie is set, Content for it is the correct password.

#6 @HandySolo
18 years ago

And, just to keep it fun, with IE I'm not prompted for the password. Just shows the "Protected: Disclaimer" page in all of it's glory. Yes, I confirmed that I was NOT logged in before accessing the page.

#7 @HandySolo
18 years ago

More testing, with a clean install, shows that this works. Must be a plugin conflict of some sort? Regardless, I'm switching my blog back to the proper theme and such.

Sorry to waste time here! Will try to compare plugins with the other folks having same issue.

#8 follow-up: @HandySolo
18 years ago

Ack. I really wish I could edit here.

Final thought: I'm running wp-cache. I wonder if that's why I could get right in with IE even though I'd provided password in another brower?

#9 in reply to: ↑ 8 @westi
18 years ago

Replying to HandySolo:

Ack. I really wish I could edit here.

Final thought: I'm running wp-cache. I wonder if that's why I could get right in with IE even though I'd provided password in another brower?

Ahh. That could be it. If wp-cache is caching the protected page or the unprotected page and not clearing the cache when it changes state.

#10 @markjaquith
18 years ago

  • Milestone 2.0.6 deleted
  • Resolution set to worksforme
  • Status changed from assigned to closed

What version of WP-Cache? WP-Cache should be taking $_COOKIE into consideration when forming its cache file md5 hash. Maybe you have an old version of the plugin?

In any case, I'm closing as worksforme, since even you were unable to recreate this problem with a virgin install. I'll gladly followup with you privately, as many of my clients rely on WP-Cache for performance reasons, so I have a vested interest in keeping it maintained.

#11 @HandySolo
18 years ago

WP-Cache 2, 2.0.17 is what I'm running. To be honest, I've not checked in a long time to see if there's newer or patches...

I'll be in touch via email, Mark.

Note: See TracTickets for help on using tickets.