Recent Update Crashes Sites

  • Resolved cfuze

    (@cfuze)


    9 months ago

    Any of our sites that were running this plugin that had automatic update enabled have gone down. The culprit is in the library.php file about line 4863-ish. It looks like a C/C++ function that was copied has been partially deleted or what not which leaves a function without a closing }. I don’t know if this was accidental by the publisher or if the publishers account has been compromised. Either way, deleting the plugin restores functionality.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author ttodua

    (@ttodua)

    Hello.
    Thanks for the report!

    Yes, there have been some updates in library in last period.
    However, I can’t find the culprit you mentioned.
    Can you please post the code around where it is missing closing } ?

    When I am trying to install the plugin on clean site, it installs & works well.
    Which PHP version does your hosting have?

    • This reply was modified 9 months ago by ttodua.
    • This reply was modified 9 months ago by ttodua.
    Thread Starter cfuze

    (@cfuze)

    Hello and thank you for the quick response. I’m on mobile, but I found the offending line in the svn repo. It might be a parser messed something up or the WP auto-updater fails to unpack it correctly but here is the bad function. The very last line becomes truncated leaving just self::$iv =. This code is in the trunk of your WP SVN in library.php. So what resulted was a truncated function leaving what was mentioned and the trailing } on the next line missing. You are left with the following line \\} and the rest of the file, which then throws an error of invalid function of T which crashes the site including wp-admin. Disabling plugins in the db won’t help either, so deleting is the only way.

    public static function helper__encrypt_decrypt_stream($password, $method= 'aes-256-cbc'){
			// Must be exact 32 chars (256 bit)
			self::$password_shuffled = substr(hash('sha256', $password, true), 0, 32);		
			// IV must be exact 16 chars (128 bit)
			self::$iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);

    This was impacting sites running PHP 7.4 and 8.0.

    • This reply was modified 9 months ago by cfuze.
    • This reply was modified 9 months ago by cfuze.
    Plugin Author ttodua

    (@ttodua)

    here is trunk/svn link: https://plugins.svn.www.ads-software.com/wp-phpmyadmin-extension/trunk/library.php

    and it seems to be correct. not?

    maybe you try to delete the plugin and re-install on your site.

    Thread Starter cfuze

    (@cfuze)

    I updated my message with additional information.

    Also, I wonder if the 16 bit empty string that line is creating, is being mis interpreted by the core wp auto-updater when it writes the file, thus instead of writing the string, it’s interpreting it and writing zero length characters or removing them entirely. This you end up without a right hand assignment which wild also cause a PHP error.

    Last edit for the night, deleting and reinstalling, of course, works. The issue happens when the WP site updated the plugin via auto-updates.

    • This reply was modified 9 months ago by cfuze.
    • This reply was modified 9 months ago by cfuze.
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Recent Update Crashes Sites’ is closed to new replies.