[fr]
La solution au problème qui fait qu'on se retrouve parfois régulièrement expulsé de la partie admin de WordPress, et qui implique des URLs d'une longueur indécente, ne menant nulle part. Il suffit de supprimer deux lignes dans wp-login.php.
[en]
Yesterday, without a warning or an explanation, my WordPress install started acting funky. Even though I was logged in, I would be faced with very very long URLs showing me a broken login page when I tried to go back to the admin section (something like http://climbtothestars.org/wp-login.php/wp-admin/wp-smilies/wp-content/wp-admin/post.php?action=edit&post=xxxx). Deleting all the cruft after wp-login.php allowed me to log in, but a few clicks later I would find myself faced again with the same nasty situation.
This is caused by a bug in wp-login.php. What happens is that the Blog URL option gets changed to that long funky line in the database, and of course, it messes everything up.
The first thing I did was correct the siteurl value in the database (options table), because I have direct access to the database and like sticking my hands in there. If you don’t have access to the database, you can probably (I’m not certain) set this right through the Options screen in the admin section for your blog. (Remember, if you feel locked out, go directly to http://example.com/wp-login.php to log in.)
There is a forum thread about this problem, but the solution isn’t presented very clearly to my taste — hence this post.
Now for the fix: if you are not going to be moving your blog around (ie, changing the blog address) without having direct access to the database, you can edit the file wp-login.php and delete a couple of lines. Open wp-login.php in your favourite text editor, and do a search for get_settings(‘siteurl’)
— that will bring you to the right place in the file. Delete these lines:
// If someone has moved WordPress let's try to detect it
if ( dirname('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'])
!= get_settings('siteurl') )
update_option('siteurl', dirname('http://' . $_SERVER['HTTP_HOST'] .
$_SERVER['REQUEST_URI']) );
I’ve had a similar problem with my Blogsome test blog — with the URL for the CSS file going all funky. It seems to be back to normal, but I’ll check that they are indeed aware of the problem.
Similar Posts:
- Invalid argument supplied for foreach() in wp-capabilities.php: Case Cracked!
- Testing Hosted Blog Solutions
- Trying the Disqus WordPress Plugin
- Bunny’s Print CSS Plugin Upgrade
- Requirements for a WordPress Installer Script
- Scripts for a WordPress Weblog Farm
- WordPress DreamHost WiFi Arghl!
- Converting MySQL Database Contents to UTF-8
- Batch Category Editing For WordPress
- Finally out of MySQL encoding hell
Digital Crumble
Pingback: Darksteel Engineer » Blog Archive » Falha de segurança no Wordpress 1.2 e 1.3!
Thank you for this post. As usual in the WP forums, the fix was not presented in any straightforward way. sigh
Thank you for this post. As usual in the WP forums, the fix was not presented in any straightforward way. sigh
Glad it’s fixed, it ate all my comments yesterday but I was mainly trying to draw your attention to the problem. Incidentally I can’t install Spam Karma as my ISP (Infomaniak) doesn’t allow exec()for security reasons. The install aborts.. back to square one I suppose. At least I upgraded to WP 1.3 alpha and changed the template.
Glad it's fixed, it ate all my comments yesterday but I was mainly trying to draw your attention to the problem. Incidentally I can't install Spam Karma as my ISP (Infomaniak) doesn't allow exec()for security reasons. The install aborts.. back to square one I suppose. At least I upgraded to WP 1.3 alpha and changed the template.
Pingback: blogNessie » WP Security Bug
Thanks for the fix–Reading the WP support forum was bit foggy
Thanks for the fix–Reading the WP support forum was bit foggy
mmm.. I was thinking that everyone have faced with this problem should also make the fllowing:
update wp_options set option_value='' where pption_name='siteurl'; where is your actual site url….
mmm.. I was thinking that everyone have faced with this problem should also make the fllowing:
update wp_options set option_value='<yoursiteurl>' where pption_name='siteurl';</yoursiteurl>where <yoursiteurl> is your actual site url….</yoursiteurl>
Pingback: Mountebank » Wordpress bug
Pingback: Gordon McLean. I am me. Who are you?
Pingback: ...grayblog... - separating the wanted from the unwanted » WordPress bug
Pingback: markhale.org » Wordpress Bug
Pingback: Mando.org » Blog Archive » WP flakiness
Thanks for this great info – my site was getting knocked down every few hours but since removing those lines it’s been rock solid
@li
Thanks for this great info – my site was getting knocked down every few hours but since removing those lines it's been rock solid
@li
Pingback: Blog vs. Blog » Wordpress bug
Pingback: CptSaleks Weblog » WordPress patched
Pingback: I am but a Sojourner for Christ... » Blog Archive » wp-login.php wordpress bug
Pingback: O'DonnellWeb
Pingback: O'DonnellWeb
WordPress Warning
There is a bug in WordPress 1.2.1 and earlier that allows losers with nothing better to do to hack into…
WordPress Warning
There is a bug in WordPress 1.2.1 and earlier that allows losers with nothing better to do to hack into…
Pingback: Wordpress Warning | O'DonnellWeb :: General Geekery from Fredericksburg VA
hey… mates i am facing the problem that once i login to my account i need to reset my pass again for next time i want to login….
can any one help me to sort out the problem 
Robert, you should try the WordPress support forums, you’ll be more likely to get help there than on this blog.
The porblem was with your cache memory. You need to logout before logging in again You Can do a manual logout http://www.yourdomain.com/wp-login.php?loggedout=true for more info http://www.rightlog.com/wordpress-login-problem/