Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3382345

Timestamp:

10/22/2025 06:30:24 AM (5 months ago)

Author:

chrmrtns

Message:

Release v3.0.2 - Critical 2FA fixes

Fixed four critical issues affecting 2FA magic link authentication:

CRITICAL: Fixed fatal error in 2FA magic link login flow (Core::get_instance() namespace confusion)
- Changed Core::get_instance() to TwoFACore::get_instance() in includes/Core/Core.php

CRITICAL: Fixed incorrect get_redirect_url() method call (Admin vs OptionsPage class reference)
- Added OptionsPage import and fixed two instances of Admin::get_redirect_url() to OptionsPage::get_redirect_url()

WOOCOMMERCE FIX: Changed 2FA verification hook from 'init' to 'template_redirect' to prevent cart warnings
- Updated includes/Security/TwoFA/Core.php hook timing for better plugin compatibility

DATABASE FIX: Fixed wpdb::prepare() called without placeholder in get_2fa_users()
- Removed unnecessary prepare() call when no search term present in includes/Core/Database.php

Files modified in trunk:

includes/Core/Core.php
includes/Core/Database.php
includes/Security/TwoFA/Core.php
keyless-auth.php (version bump to 3.0.2)
readme.txt (updated stable tag and changelog)

Tagged as 3.0.2

Location:

keyless-auth

Files:

: 65 added
: 5 edited

tags/3.0.2 (added)
tags/3.0.2/LICENSE (added)
tags/3.0.2/assets (added)
tags/3.0.2/assets/css (added)
tags/3.0.2/assets/css/2fa-frontend.css (added)
tags/3.0.2/assets/css/admin-style.css (added)
tags/3.0.2/assets/css/forms-enhanced-dark.css (added)
tags/3.0.2/assets/css/forms-enhanced-light.css (added)
tags/3.0.2/assets/css/forms-enhanced.css (added)
tags/3.0.2/assets/css/style-back-end.css (added)
tags/3.0.2/assets/css/style-front-end.css (added)
tags/3.0.2/assets/js (added)
tags/3.0.2/assets/js/2fa-frontend.js (added)
tags/3.0.2/assets/js/admin-script.js (added)
tags/3.0.2/assets/js/qrcode.js (added)
tags/3.0.2/assets/js/qrcode.min.js (added)
tags/3.0.2/assets/logo_150_150.png (added)
tags/3.0.2/autoload.php (added)
tags/3.0.2/includes (added)
tags/3.0.2/includes/Admin (added)
tags/3.0.2/includes/Admin/Admin.php (added)
tags/3.0.2/includes/Admin/Admin.php.backup (added)
tags/3.0.2/includes/Admin/Ajax (added)
tags/3.0.2/includes/Admin/Ajax/TwoFAAjaxHandler.php (added)
tags/3.0.2/includes/Admin/Ajax/index.php (added)
tags/3.0.2/includes/Admin/Assets (added)
tags/3.0.2/includes/Admin/Assets/AssetLoader.php (added)
tags/3.0.2/includes/Admin/Assets/index.php (added)
tags/3.0.2/includes/Admin/MenuManager.php (added)
tags/3.0.2/includes/Admin/Pages (added)
tags/3.0.2/includes/Admin/Pages/DashboardPage.php (added)
tags/3.0.2/includes/Admin/Pages/HelpPage.php (added)
tags/3.0.2/includes/Admin/Pages/MailLogsPage.php (added)
tags/3.0.2/includes/Admin/Pages/OptionsPage.php (added)
tags/3.0.2/includes/Admin/Pages/SmtpPage.php (added)
tags/3.0.2/includes/Admin/Pages/TemplatesPage.php (added)
tags/3.0.2/includes/Admin/Pages/TwoFAUsersPage.php (added)
tags/3.0.2/includes/Admin/Pages/index.php (added)
tags/3.0.2/includes/Admin/Settings (added)
tags/3.0.2/includes/Admin/Settings/SettingsManager.php (added)
tags/3.0.2/includes/Admin/Settings/index.php (added)
tags/3.0.2/includes/Admin/index.php (added)
tags/3.0.2/includes/Core (added)
tags/3.0.2/includes/Core/Core.php (added)
tags/3.0.2/includes/Core/Database.php (added)
tags/3.0.2/includes/Core/Main.php (added)
tags/3.0.2/includes/Core/Notices.php (added)
tags/3.0.2/includes/Core/index.php (added)
tags/3.0.2/includes/Email (added)
tags/3.0.2/includes/Email/MailLogger.php (added)
tags/3.0.2/includes/Email/SMTP.php (added)
tags/3.0.2/includes/Email/Templates.php (added)
tags/3.0.2/includes/Email/index.php (added)
tags/3.0.2/includes/Security (added)
tags/3.0.2/includes/Security/TwoFA (added)
tags/3.0.2/includes/Security/TwoFA/Core.php (added)
tags/3.0.2/includes/Security/TwoFA/Frontend.php (added)
tags/3.0.2/includes/Security/TwoFA/TOTP.php (added)
tags/3.0.2/includes/Security/TwoFA/index.php (added)
tags/3.0.2/includes/Security/index.php (added)
tags/3.0.2/includes/index.php (added)
tags/3.0.2/keyless-auth.php (added)
tags/3.0.2/languages (added)
tags/3.0.2/languages/keyless-auth.pot (added)
tags/3.0.2/readme.txt (added)
trunk/includes/Core/Core.php (modified) (4 diffs)
trunk/includes/Core/Database.php (modified) (1 diff)
trunk/includes/Security/TwoFA/Core.php (modified) (1 diff)
trunk/keyless-auth.php (modified) (2 diffs)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

keyless-auth/trunk/includes/Core/Core.php

-                      r3380037
+                      r3382345
 use Chrmrtns\KeylessAuth\Email\Templates;
 use Chrmrtns\KeylessAuth\Admin\Admin;
+use Chrmrtns\KeylessAuth\Admin\Pages\OptionsPage;
 …
         $user = get_user_by('ID', $user_id);
         if ($user && class_exists('Chrmrtns\\KeylessAuth\\Security\\TwoFA\\Core')) {
             $tfa_core = Core::get_instance();
+            $tfa_core = TwoFACore::get_instance();
             // Check if 2FA is enabled and required for this user
 …
                     } else {
                         // Get redirect URL (custom or default)
                         $redirect_url = class_exists('Chrmrtns\\KeylessAuth\\Admin\\Admin') ? Admin::get_redirect_url($user_id) : admin_url();
+                        $redirect_url = class_exists('Chrmrtns\\KeylessAuth\\Admin\\Pages\\OptionsPage') ? OptionsPage::get_redirect_url($user_id) : admin_url();
+                    }
                     $redirect_url = apply_filters('chrmrtns_kla_after_login_redirect', $redirect_url, $user_id);
 …
         } else {
             // Get redirect URL (custom or default)
             $redirect_url = class_exists('Chrmrtns\\KeylessAuth\\Admin\\Admin') ? Admin::get_redirect_url($user_id) : admin_url();
+            $redirect_url = class_exists('Chrmrtns\\KeylessAuth\\Admin\\Pages\\OptionsPage') ? OptionsPage::get_redirect_url($user_id) : admin_url();
+        }

keyless-auth/trunk/includes/Core/Database.php

-                      r3380037
+                      r3382345
             $query = $base_query . " ORDER BY u.user_login ASC";
+            // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,WordPress.DB.PreparedSQL.NotPrepared -- Querying custom devices table for admin interface, query properly prepared
+            $prepared_query = $wpdb->prepare($query);
+            // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- Query already prepared above
+            $results = $wpdb->get_results($prepared_query);
+            // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching,WordPress.DB.PreparedSQL.NotPrepared -- Querying custom devices table for admin interface, no placeholders needed
+            $results = $wpdb->get_results($query);
+        }

keyless-auth/trunk/includes/Security/TwoFA/Core.php

-                      r3380037
+                      r3382345
+        }
         // Handle 2FA verification page
         add_action('init', array($this, 'handle_2fa_verification'));
+        // Handle 2FA verification page (use template_redirect to ensure WooCommerce cart is ready)
+        add_action('template_redirect', array($this, 'handle_2fa_verification'));
         // Add grace period notices

keyless-auth/trunk/keyless-auth.php

-                      r3380025
+                      r3382345
 * Plugin URI: https://github.com/chrmrtns/keyless-auth
 * Description: Enhanced passwordless authentication allowing users to login securely without passwords via email magic links. Fork of Passwordless Login by Cozmoslabs with additional security features.
 * Version: 3.0.1
+* Version: 3.0.2
 * Author: Chris Martens
 * Author URI: https://github.com/chrmrtns
 …
 // Define plugin constants
 define('CHRMRTNS_KLA_VERSION', '3.0.1');
+define('CHRMRTNS_KLA_VERSION', '3.0.2');
 define('CHRMRTNS_KLA_PLUGIN_DIR', plugin_dir_path(__FILE__));
 define('CHRMRTNS_KLA_PLUGIN_URL', plugin_dir_url(__FILE__));

keyless-auth/trunk/readme.txt

-                      r3380025
+                      r3382345
 Requires at least: 3.9
 Tested up to: 6.8
 Stable tag: 3.0.1
+Stable tag: 3.0.2
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 3.0.2 =
+* FIX: Critical - Fixed fatal error in 2FA magic link login flow (Core::get_instance() namespace confusion)
+* FIX: Critical - Fixed incorrect get_redirect_url() method call (Admin vs OptionsPage class reference)
+* FIX: WooCommerce compatibility - Changed 2FA verification hook from 'init' to 'template_redirect' to prevent cart warnings
+* FIX: Database query - Fixed wpdb::prepare() called without placeholder in get_2fa_users() causing PHP notice
+* IMPROVEMENT: Better timing for 2FA verification page rendering to ensure compatibility with WooCommerce and other plugins
+* TECHNICAL: Added OptionsPage import to Core class for proper redirect URL handling
+* TECHNICAL: Updated TwoFA Core class to use template_redirect hook for proper WordPress hook sequence
 = 3.0.1 =
 * ACCESSIBILITY: Full WCAG 2.1 Level AA compliance achieved

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory