Hi Sarah, Are you using version
5.5.5 ? Then the file inc/admin/class-admin.php should not be there anymore. Maybe you updated via FTP? If so, could you try manually remove the file via FTP?
Otherwise, I recommend uninstalling and reinstalling the plugin via the WP Plugins admin page. But you’ll have to reconfigure the plugin settings afterwards…
Hi Rolf, thanks for coming back to me on this.
Yes, this is the latest version of the plugin and as you say, the file has been removed.
The issue I’m reporting is that the checksum API still reports a checksum for that file, even though the file does not exist. So, any hosts that validate checksums before updating your plugin will get a false positive.
The checksums for v5.5 are here: https://downloads.wordpress.org/plugin-checksums/xml-sitemap-feed/5.5.json and the checksum reported for the remove file is:
"inc/admin/class-admin.php": {
"md5": "3bea79cf21f44c45f6cbce32499eed3e",
"sha256": "f3fb6ff9afce2e69e5e402cd6f998bf00c1594e1ba272aef28f22ece1b72d6ae"
},
Apologies, that was me posting the wrong link. The link you have posted still has these lines:
"inc/admin/class-admin.php": {
"md5": "675e135cbf4b1076f0f359660479c17a",
"sha256": "ffc836c537d7c230b8bb80295e9932f9692d4c17adceaf4281e15837df8fcf87"
},
Ah yes, I see it now too… Strange.
How are you verifying checksums? If I do a wp plugin verify-checksums xml-sitemap-feed I get no mismatch reported…
That’s interesting. We have a custom script that iterates over the sha256 hashes in the JSON, calculates the hash of the corresponding file, then compares them.
Better than the wp-cli then 😉
I’ll try get the repository to recreate the json be recommitting the 5.5.5 version tag but not sure if that will work…
In any case, thanks for the warning!
Just to say this all looks good in 5.5.6, so thank you for fixing it.
