Error Updating to 2.6.4

  • WP Multisite
    WP Version 5.8.3
    PHP Version 7.3.33

    Updating causes the following errors after update

    Warning: Use of undefined constant SECURE_AUTH_COOKIE – assumed ‘SECURE_AUTH_COOKIE’ (this will throw an Error in a future version of PHP) in …/wp-includes/pluggable.php on line 847

    Warning: Use of undefined constant LOGGED_IN_COOKIE – assumed ‘LOGGED_IN_COOKIE’ (this will throw an Error in a future version of PHP) in …/wp-includes/pluggable.php on line 843

Viewing 10 replies - 1 through 10 (of 10 total)
  • Thread Starter John Huebner

    (@hube2)

    Really confusing since I can’t find any reference to either of these constants in this plugin.

    I’m seeing the exact same error.

    WP Multisite
    WP Version 5.8.3
    PHP Version 7.4

    Plugin Author Pieter Bos

    (@senlin)

    @hube2 it is very strange indeed.

    Before the weekend I received an email from the WP Plugins team about a security issue in the Classic Editor Addon plugin:

    `The Report

    The plugin (https://www.ads-software.com/plugins/classic-editor-addon/) uses an outdated version of the wp-dependency-installer library (https://github.com/afragen/wp-dependency-installer), which is known to be affected by security issues (low privilege users being able to activate any plugin, as well as attackers being able to make a logged in admin install plugins from the wp-dependencies.json via a CSRF attack).

    The vendor of the library address the issues and were fixed in v4.3.1. This plugin is using v3.0.0`

    So all that I have done, as I have done in the past too when that library receivd an update, is to include the latest version, which was released 5 days ago.

    On the Github repo there also have been issues reported and I simply cannot find any of the references.

    • This reply was modified 2 years, 10 months ago by Pieter Bos. Reason: reformat mess
    Plugin Author Pieter Bos

    (@senlin)

    Im considering ditching the installer script now, because this is a headache I don’t need at the moment.

    Thread Starter John Huebner

    (@hube2)

    Just did a test on another site that is not multisite. Everything is working fine. Must be something in the difference between how permissions are checked on multisite and the fact that only super admin can install plugins. The exact issue still eludes me. Something that is not set up to deal with multisite in the dependency installer.

    Plugin Author Pieter Bos

    (@senlin)

    Thanks for checking John.

    On a not multisite environment there can be other issues though with SMTP, see this reported issue earlier today.

    Plugin Author Pieter Bos

    (@senlin)

    I just released v3.0.0 where I have replaced the library with a simple dependency check/notice; not the most elegant, but since the plugin is active on so many sites, and the issues are opaque at best, I cannot afford to wait too long with a solution.

    I will report the various issues to afragen, so they can check it on their own time.

    Thread Starter John Huebner

    (@hube2)

    That corrected the issue for me.

    I’m sorry everyone. Mea culpa.

    The fix is to load the WP_Dependency_Installer() call inside of a hook.

    
add_action('plugins_loaded', function(){
	WP_Dependency_Installer::instance()->run( __DIR__ );
});

    The issue I caused was loading pluggable.php in the wp-dependency-installer library so that wp_create_nonce() would function. I figured out this was the cause. It’s now removed from the library.

    The above should solve the issue, sorry everyone. Thanks Pieter for bringing it to my attention.

    Plugin Author Pieter Bos

    (@senlin)

    Many thanks for getting to the bottom of this Andy. And glad to hear that you found a fix.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Error Updating to 2.6.4’ is closed to new replies.