Php false positive Block Bad Queries Plugin
Hi there,
Here is another possible false positive, with the “BBQ Block Bad Queries” plugin?
FILE: /***/wp-content/plugins/block-bad-queries/block-bad-queries.php
——————————————————————————————————————————————————
FOUND 1 ERROR AFFECTING 1 LINE
——————————————————————————————————————————————————
49 | ERROR | The behaviour of hexadecimal numeric strings was inconsistent prior to PHP 7 and support has been removed in PHP 7. Found: ‘0x3c62723e’
——————————————————————————————————————————————————
And here is the answer from the plugin author:
“Actually the “SG Optimizer” is incorrect in this case. The recognized pattern, 0x3c62723e is not functional code; rather it is static text that is used as a BBQ pattern. So the plugin is able to block any malicious requests that include it. So totally safe in this particular context. May want to let the SG Optimizer plugin developer know about it, maybe there is a way to distinguish between static and live PHP code while scanning.”
Thanks,
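The distinction the plugin author draws, as an added example (not BBQ's or SG Optimizer's code): the flagged string used only as text to match against a request, next to the numeric interpretation that the PHP 7 rule targets. The substring match, the function names and the sample requests are assumptions; the page does not show the plugin's own matching code.

```php
<?php
// Added example. Only the value 0x3c62723e comes from the scan report;
// the pattern list, function names and request strings are constructed.
const BLOCK_PATTERNS = ['0x3c62723e'];

// Static-text use: the pattern is compared character by character with the
// request, so PHP never evaluates it as a number.
function is_blocked(string $request, array $patterns = BLOCK_PATTERNS): bool
{
    foreach ($patterns as $pattern) {
        if (stripos($request, $pattern) !== false) {
            return true;
        }
    }
    return false;
}

// Numeric use: the case the PHP 7 compatibility rule is written for.
// PHP 5 accepted hex strings as numeric in some contexts; PHP 7 does not.
function numeric_view(string $s): array
{
    return [
        'is_numeric' => is_numeric($s),
        'hexdec'     => hexdec(substr($s, 2)), // explicit and version-independent
    ];
}

$requests = [
    'id=1&note=0x3c62723e',   // constructed: contains the pattern
    'id=1&note=0X3C62723E',   // constructed: same pattern, upper case
    'id=1&note=hello',        // constructed: clean
];
foreach ($requests as $r) {
    printf("%-24s %s\n", $r, is_blocked($r) ? 'blocked' : 'allowed');
}
var_dump(numeric_view(BLOCK_PATTERNS[0]));
```

A scanner that flags every quoted `0x…` literal cannot tell the first use from the second, which is why a match pattern like this one is reported.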