Unfortunately www.remarpro.com don’t publish the detailed reason why they close a plugin.
One security vulnerability that this plugin has is an “open redirect” vulnerability – anyone can use a URL on your site to bounce visitors to their site, using the credibility of your site’s URL to get people to visit theirs.
This can be fixed by editing the file sermon.php in the plugin:
1. In the function sb_increase_download_count, change the line $wpdb->query("UPDATE ".$wpdb->prefix."sb_stuff SET COUNT=COUNT+1 WHERE name='".esc_sql($stuff_name)."'"); by adding return at the front, so that it goes return $wpdb->...
2. Find the two places in the same file where there is: header("Location: ".$url); Each time on the previous line you will find sb_increase_download_count($file_name). Change that to if (sb_increase_download_count($file_name)) { and then add the closing brace, }, on the line after the header("Location: ".$url);
What this does is make the plugin only issue a redirect to one of your saved sermons, not to any URL that an attacker sends in.
As I say, I can’t tell you whether there are other vulnerabilities.
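The two edits described in the post above, shown working together as an added example (not part of the original post and not the plugin's own code). `FakeWpdb`, the `esc_sql` stand-in, the helper `sb_redirect_header` and the sample names are constructed for illustration, and it is assumed that the requested value serves as both `$file_name` and `$url`.

```php
<?php
// Constructed stand-ins for WordPress so this runs on its own with `php file.php`.
class FakeWpdb {
    public $prefix = 'wp_';
    private $stuff = array('sermon-01.mp3' => 0); // constructed sb_stuff rows: name => count

    // Mimics $wpdb->query() for this one UPDATE: rows affected, or false on error.
    public function query($sql) {
        if (!preg_match("/WHERE name='(.*)'$/", $sql, $m)) {
            return false;
        }
        $name = stripslashes($m[1]);
        if (!array_key_exists($name, $this->stuff)) {
            return 0; // no saved file has this name
        }
        $this->stuff[$name]++;
        return 1;
    }
}
function esc_sql($s) { return addslashes($s); } // stand-in, not WordPress's esc_sql
$wpdb = new FakeWpdb();

// Step 1 of the post: the function now returns the query result.
function sb_increase_download_count($stuff_name) {
    global $wpdb;
    return $wpdb->query("UPDATE ".$wpdb->prefix."sb_stuff SET COUNT=COUNT+1 WHERE name='".esc_sql($stuff_name)."'");
}

// Step 2 of the post, inside a hypothetical helper that returns the header
// line instead of sending it, so the outcome can be printed.
function sb_redirect_header($file_name, $url) {
    if (sb_increase_download_count($file_name)) {
        return "Location: ".$url;
    }
    return null; // 0 rows updated (or false): no redirect is issued
}

// Constructed requests. Assumption: the requested value is used both as
// $file_name and as $url; the post does not show how the plugin sets them.
foreach (array('sermon-01.mp3', 'https://unknown.example/x') as $requested) {
    $header = sb_redirect_header($requested, $requested);
    echo $requested, ' => ', ($header === null ? 'no redirect' : $header), "\n";
}
```

The redirect is gated on the number of rows the UPDATE touched, so a value that matches no row in the saved-files table yields no `Location` header.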
Is there any way to shorten the URLs?
Also, is there a way to auto-archive after a certain date?
As of now the plugin is abandoned due to security issues. Will you fix it?
This is the error I am getting.
Uncaught TypeError: implode(): Argument #2 ($array) must be of type ?array, string given in /var/www/wp-content/plugins/sermon-browser/sermon.php(452) : eval()’d code:6
Stack trace:
#0 /var/www/wp-content/plugins/sermon-browser/sermon.php(452) : eval()’d code(6): implode()
#1 /var/www/wp-content/plugins/sermon-browser/sermon.php(452): eval()
#2 /var/www/wp-includes/shortcodes.php(356): sb_shortcode()
#3 [internal function]: do_shortcode_tag()
#4 /var/www/wp-includes/shortcodes.php(228): preg_replace_callback()
#5 /var/www/wp-includes/class-wp-hook.php(307): do_shortcode()
#6 /var/www/wp-includes/plugin.php(191): WP_Hook->apply_filters()
#7 /var/www/wp-includes/post-template.php(253): apply_filters()
#8 /var/www/wp-content/themes/charis-church/page.php(21): the_content()
#9 /var/www/wp-includes/template-loader.php(106): include(‘…’)
#10 /var/www/wp-blog-header.php(19): require_once(‘…’)
#11 /var/www/index.php(17): require(‘…’)
#12 {main}
  thrown in /var/www/wp-content/plugins/sermon-browser/sermon.php(452) : eval()’d code on line 6,
Hi,
my security plugin Wordfence blocks the Sermon Browser Plugin.
Description
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones.
References
https://wpscan.com/vulnerability/e9ccf1fc-1dbf-4a41-bf4a-90af20b286d6
Any idea how I can solve this problem?
I’d like to convert my sermon archive to regular posts. Is that possible?
When I am editing the page that I want sermons to display on, every time I start putting in the shortcode for sermons [sermons] WordPress spontaneously starts trying to generate a preview (without me even clicking the preview button) and the preview page is blank even if there is code for the page. I can’t even finish putting in a shortcode before it starts to do that. There are also issues with saving the page and I keep getting errors.
I am using this with Divi (if anyone is familiar with Elegant Themes’ Divi theme & builder).
It only happens with shortcode for Sermon Browser. I also have WP Forms installed that uses shortcodes but it doesn’t cause the spontaneous preview when entering the shortcode.
Does anyone have any ideas as to why this is happening or experienced something like this?
Hi,
We get a message:
WordPress caught an error with one of your plugins, Sermon Browser.
Error Details
=============
An error of type E_ERROR was caused in line 6 of the file /home3/pastoemy/public_html/wp-content/plugins/sermon-browser/sermon.php(477) : eval()’d code. Error message: Uncaught Error: Call to undefined function sb_print_sermon_link() in /home3/pastoemy/public_html/wp-content/plugins/sermon-browser/sermon.php(477) : eval()’d code:6
Stack trace:
#0 /home3/pastoemy/public_html/wp-content/plugins/sermon-browser/sermon.php(477): eval()
#1 /home3/pastoemy/public_html/wp-includes/shortcodes.php(343): sb_shortcode(Array, ”, ‘sermons’)
#2 [internal function]: do_shortcode_tag(Array)
#3 /home3/pastoemy/public_html/wp-includes/shortcodes.php(218): preg_replace_callback(‘/\\[(\\[?)(sermon…’, ‘do_shortcode_ta…’, ‘
Any idea of what it could be?
I need to migrate my WordPress installation to another webhost.
I followed all the instructions here:
https://www.sermonbrowser.com/forum/sermon-browser-support/migrate-to-new-host/
However, I am still not seeing the sermons on my new site.
I checked the new database and I have all the tables and options imported correctly. The only thing I’m not so sure is that the database name is different.
Where does sermon browser store the actual database name? Is there a place where I can change it? I tried to look over all the php code but can’t find it.
I’m finding it hard to let go of Sermon Browser because it deals with our long catalogue of audio and video (via Vimeo embeds) sermons, and attempted imports to other alternatives haven’t worked well.
I was finding that using the filters under WordPress 5.5, Php 7.4 (Blocksy theme) was causing a “page not found” when Filter Type was ticked to the Drop-down option. However, in desperation, I tried the One-click option, and thankfully, this is working very nicely.
It would seem, then, that some minor tidying up of code is needed, perhaps in the templates, to allow Sermon Browser to live on. We certainly intend to keep using it. Any coders able to offer a new set of templates?
Same behaviour on our old site, now also WordPress 5.5, Php 7.4 but older DreamWeaver theme. Same solution!
When attempting to upload a sermon (audio file mp3) after 100% upload, we get the Error Message 404 Page Not Found.
Any help???
Hi,
Curious if this plugin is still active. The plugin has crashed my website and so I disabled the plugin – but curious if it is still supported and if there will be any updates anytime or if anyone has a recommendation to keep it going?
Thanks much,
Ethan
Hi,
We received an email from our hosting company, stating that four URLs on our site (indekerk.be) are infected and link to phishing sites. The company says the sermon plugin is the cause; there’s a leak in the plugin.
We disabled the sermon plugin, but we’re hoping a solution can be found.
If necessary I can send you the infected URLs.
greetings,
Maarten
We use SermonBrowser and the sermons work great with the iTunes Podcast Directory, I was curious, is there a way to have it work with the Spotify Podcasts system?
With just a quick attempt and putting in the RSS feed Spotify replies with:
Your podcast RSS feed is missing some things:
* Description
* Cover Art
* Author
* Email address
I don’t see any of those settings in WordPress Dashboard –> Sermons –> Options … are they someplace else?
Unrelated side note, but since I’m here:
On https://www.sermonbrowser.com/ your Mark Barnes name is linked to a domain that is just a placeholder (https://www.4-14.org.uk/)
Hi,
Take a backup of your database for doing ANYTHING here!
Heads-up … if you get the “You do not have the correct permissions to edit sermons” when trying to delete sermons, you should set the Sermons per page (under Options) to a very high number, to make sure it lists the sermons to be deleted on the first page. Then delete from there.
Or, if you have access to phpmyadmin, you can delete sermons from the wp_sb_sermons table. To remove the actual mp3s from your disk space, then go into the Sermon Browser -> Files in WP Admin and delete files under “Unlinked files”. It only lists 12, but delete these and then refresh the page to get another 12. Alternatively, just FTP into your wp-content/uploads/sermons folder and delete from there.
HTH,
Sal.
Hello.
I am having an issue with timeouts for sermon uploads on slower connections.
I have made the following adjustments to the PHP settings . . .
file_uploads = On
max_execution_time = 600
max_input_time = 600
I can confirm that the site is using these settings. The PHP version is 7.2.19.
Please let me know if any other adjustments can be made.
Thank you,
Larry
In the function sb_return_kbytes, PHP now issues a notice (which my site kindly displays on the public side of the site) indicating that at line 267 (when the case is “m”) the computation is working with non-numeric data. Indeed, the “M” or “G” are still embedded in the $val variable. The following code corrects the issue:
function sb_return_kbytes($val) {
    $val = trim($val);
    $last = strtolower($val[strlen($val)-1]);
    $val = preg_replace("/[^0-9.]/", "", $val); // <- add this line
    switch($last) {
        case 'g':
            $val *= 1024; // no break: falls through to 'm'
        case 'm':
            $val *= 1024;
    }
    return intval($val);
}
Art Smith
When trying to upload a MP3 sermon file (like the ones I’ve uploaded many times before) I get a 405 error. The message is “405 not allowed nginx/1.14.1”
Is there anything I can do to fix this issue?
Thanks in advance!
The Sermon Browser templates are not working properly for WordPress 4.9.9 or 5.0.3. It works in older version but not in these versions.
Please fix.
I use a CSS for table list and I have javascript to prevent people from downloading sermons. This works fine in older version and I just updated to newer version of WordPress and now it doesn’t work.
Good day, we used to have the Preacher image on the results page. Now after the upgrade it seems like we can’t anymore? It just shows the shortcode… Is there a way to have the Preacher Image in the Results page? Thanks so much
We have WordPress multisite set up as English and Chinese sites. It is a multisite subdir install, so the English site is at pccma.org and the Chinese site is at pccma.org/chinese. That is how WP multisite is set up. But there is not actually a /chinese/ folder under the site root on the server.
Sermon Browser is activated in each site within the multisite. It has been working correctly for several years, but in the past few weeks the media player stopped working. The media files are stored in a /media/ folder off the site html root. The sermon uploads folder was set to media/english/sermons/ for the English sermons and media/chinese/sermons/ for the Chinese sermons. But the media player started looking for Chinese sermons in /chinese/media/chinese/sermons/ and returning a 404. Changing the uploads dir to /media/chinese/sermons/ did not help.
I tried setting the Chinese site sermons upload folder to ../media/chinese/sermons/. Then the media player found the files correctly. But the sermon browser uploader started putting the uploaded files in /media/chinese/sermon one level above the html root. So it looks like the uploads code is treating the uploads directory setting differently from the media player. For the Chinese site the media player is interpreting the url starting from the home directory of the Chinese site, but the uploads code is interpreting the path starting from the home path of the multisite.
In WordPress multisite, ABSPATH will point to the root path of the WP install, but home_url() will return the base url of the current site (e.g. pccma.org/chinese/)
We are using WP 4.9.9
I recently migrated sermon browser to a new installation that had a different URL and followed the instructions at this forum link https://www.sermonbrowser.com/forum/sermon-browser-support/migrate-to-new-host/
However, now when the sermon page is viewed, no sermons are listed, although they are counted with the preachers and topics, and I get this error when trying to edit the page when the plugin is active: Fatal error: Call to undefined function sb_print_filters() in /home/lakeside/public_html/wp-content/plugins/sermon-browser/sermon.php(477) : eval()’d code on line 2
All the sermons are accessible in the backend and I am able to access and upload new sermons.
Several of the topics didn’t quite cover this issue so I’m reaching out in case anyone is able to support this plugin any more.
Thank you!
Hi! I am scanning all our websites to make sure they are ready for PHP 7 and I am getting an error on the Sermon Browser plugin:
FILE: /nas/content/live/myprasso/wp-content/plugins/sermon-browser/sb-includes/admin.php
—————————————————————————————————
FOUND 1 ERROR AFFECTING 1 LINE
—————————————————————————————————
1550 | ERROR | preg_replace() – /e modifier is deprecated since PHP 5.5 and removed since PHP 7.0
—————————————————————————————————
Could you please fix this ASAP? Thank you!
Thank you for the great plugin! In the last weeks I have compared many sermon plugins for WordPress, but this one is the best.
One minor issue is still not clear to me: is there a built-in possibility to add sermon files and metadata via a script? I can think of calling a PHP file directly on the console or calling curl/wget to let the web server execute a PHP file, and I figured out the functions in sb-includes/admin.php this would need and could write something myself – but before I do that, I’d like to know if this feature is already there.
If it’s not there: where can I submit a pull request to add the feature to SB once it’s ready? I’d like to let others make use of the result as well.
Kind regards
Mathis
Hi everyone,
We have recently decided to migrate our content hosting to Amazon AWS from our previous servers. We have several hundred sermons which we have uploaded to AWS. We want to update the URL of each sermon to reflect the new URL on the AWS servers.
We’ve tested this to work by manually editing the URLs of the existing sermons. Is there a mechanism to achieve this automatically rather than needing to manually update each sermon?
Thanks!
James
It appears that the ajax.php fetch needs to be updated to match the same logic as admin.php for outputting the edit/delete links to use wp_nonce_url for generating the URL. Not sure why nobody has reported it yet, but it won’t let you edit/delete anything past the first page of sermons in admin currently.
Thanks!
Taking over some church website duties after a recent staff member transition & my knowledge is definitely lacking. We have an old sermon series that has been uploaded and when accessing that series the sermons are out of order. There are no dates on any of them, and they are titled with “part #’s” so I am wondering how to have them displayed with “part 1” at the top descending to “part 9” at the bottom. Thanks!
After the most recent update it seems that it has deleted my feed or possibly a setting that was over-written. Can someone please help me with this issue?
After the last update I can no longer add a sermon to the site. This is the error message I get:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable
to complete your request.
Please contact the server administrator at [email protected] to
inform them of the time this error occurred, and the actions you performed just
before this error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying
to use an ErrorDocument to handle the request.
I’m not sure what is going on here but after the update to 0.45.22 I am now getting fatal memory errors on a website; which I have never seen before. Can’t access the website or admin panel.
If I go in through FTP and rename the “sermon-browser” plugin folder everything comes back to life without issues. How would I go about troubleshooting this? If the SB plugin is enabled my site essentially goes offline completely.