aedelgod

I’ve submitted a pull request to the author on their github about this. It includes a fix for the vulnerability. If you want, you can go to my fork of it linked to the pull request where I have the corrected code. You just need to download and replace the cptbc-frontend.php file found here:

https://github.com/aedelgod/CPT-Bootstrap-Carousel/tree/master/src

Here is a link to my pull request on the plugin author’s repo:

https://github.com/ewels/CPT-Bootstrap-Carousel/pull/100

and here is the commit showing the changes in code between the two that addresses the vulnerability if you are interested:

https://github.com/ewels/CPT-Bootstrap-Carousel/pull/100/commits/0eb5af3f26a15a61571b4dbb765bb358fb7326c1

The same thing happened to me. The latest update completely screwed up authentication for all the sites my company hosts and developed. If you have a custom admin path like the majority of ours do besides wp-admin, it throws a different error of “this function has been disabled for security purposes” or I get a Google auth error of missing scope. Had to roll this update back on 50 production sites today.

Hey @adeelkhan I am having this same issue with different plugins. It appears the latest update for me is stipping out query string for plugin JS files. It is affecting the functionality of reCaptcha for my sites using different methods. Recaptcha through Contact Forms 7 (CF7) and Forminator Pro is being broke in the latest update since Recaptcha relies on the query strings. The only resolution is to completely disable the Breeze plugin. Turning off cache settings was not enough, only turning off the plugin completely got it working again.

Yep, I’m having this problem too!

I am receiving this same issue on my sites. The guzzlehttp library appears to be in direct conflict with other plugins leading to 500 errors. Developer please see stack trace:

PHP Fatal error:  Uncaught Error: Undefined class constant 'MAJOR_VERSION' in /home/[redacted]/public_html/wp-content/plugins/google-calendar-events/vendor/guzzlehttp/guzzle/src/Utils.php:121
Stack trace:
#0 /home/[redacted]/public_html/wp-content/plugins/google-calendar-events/vendor/guzzlehttp/guzzle/src/functions.php(71): GuzzleHttp\Utils::defaultUserAgent()
#1 /home/[redacted]/public_html/wp-content/plugins/[redacted; plugin in conflict using same library]/vendor/guzzlehttp/guzzle/src/Client.php(194): GuzzleHttp\default_user_agent()
#2 /home/[redacted]/public_html/wp-content/plugins/[redacted; plugin in conflict using same library]/vendor/guzzlehttp/guzzle/src/Client.php(75): GuzzleHttp\Client->configureDefaults(Array)
#3 /home/[redacted]/public_html/wp-content/plugins/[redacted; plugin in conflict using same library]/vendor/google/apiclient/src/Google/Client.php(1058): GuzzleHttp\Client->__construct(Array)
#4 /home/[redacted]/public_html/wp-content/plugins/[redacted; plugin in conflict using same library]/vendor/google/apiclient/src/Google/Client.php(1032): Google_Client->createDefaultHttpClient()
#5 /home/[redacted]/public_html/wp-cont in /home/[redacted]/public_html/wp-content/plugins/google-calendar-events/vendor/guzzlehttp/guzzle/src/Utils.php on line 121
[01-Oct-2020 21:48:48 UTC] PHP Fatal error:  Uncaught Error: Undefined class constant 'MAJOR_VERSION' in /home/[redacted]/public_html/wp-content/plugins/google-calendar-events/vendor/guzzlehttp/guzzle/src/Utils.php:121
Stack trace:
#0 /home/[redacted]/public_html/wp-content/plugins/google-calendar-events/vendor/guzzlehttp/guzzle/src/functions.php(71): GuzzleHttp\Utils::defaultUserAgent()
#1 /home/[redacted]/public_html/wp-content/plugins/[redacted; plugin in conflict using same library]/vendor/guzzlehttp/guzzle/src/Client.php(194): GuzzleHttp\default_user_agent()
#2 /home/[redacted]/public_html/wp-content/plugins/[redacted; plugin in conflict using same library]/vendor/guzzlehttp/guzzle/src/Client.php(75): GuzzleHttp\Client->configureDefaults(Array)
#3 /home/[redacted]/public_html/wp-content/plugins/[redacted; plugin in conflict using same library]/vendor/google/apiclient/src/Google/Client.php(1058): GuzzleHttp\Client->__construct(Array)
#4 /home/[redacted]/public_html/wp-content/plugins/[redacted; plugin in conflict using same library]/vendor/google/apiclient/src/Google/Client.php(1032): Google_Client->createDefaultHttpClient()
#5 /home/[redacted]/public_html/wp-cont in /home/[redacted]/public_html/wp-content/plugins/google-calendar-events/vendor/guzzlehttp/guzzle/src/Utils.php on line 121

My problem was resolved when ACF released an update to their plugin that a lot of our websites rely on.

Hey @jockebq

I use this plugin too on a multisite, however, what you are asking for is not out of the box, but it does have some multisite support built-in, just not for the options. I see a lot of the code in basic-setup.php and there is its own multisite.php, so basically all you need to do it make the options work the same way, so what you can do, and I have done with other plugins is take the code as is and modify it as a separate plugin and add the multisite vars to functions to try and make it network-friendly such as:

public function function_name($network_wide) {
		parent::function_name($network_wide);

Then you would need to make sure the options you want are inherited and maybe go further and add a toggle option to override network settings per site if you want.

	if ( is_multisite() ) {
		$inherit_option = get_option( 'superpwa_inherit_settings' );
		$inherit        = true;

		if ( ! is_network_admin() && '0' === $inherit_option ) {
			$inherit = false;
		}

		echo '<h1>Using global settings: ' . ( $inherit ? 'YES' : 'NO' ) . '</h1>';
	}

I haven’t inspected the code of this plugin too much so you’d have to probably dig a lot more than I did and make sure it creates the options in wp_options for each site as they would if they were activated independently if you choose to do this while also having them in network_options, and definitely do this on a staging server if you end up exploring it.

What I still do is activate the plugin on a per-site basis which works fine for me. I’m not sure about your situation but the biggest multisite I manage is 30 sites and since the config is pretty simple it doesn’t bother me not to have globals for these settings as each site is unique as well.

Hey @anls

How and where are you trying to edit links? Without access to /wp-admin/ it would be hard for anyone to help looking at the frontend of the site.

If using the Chome browser, do CTRL + SHIFT + I and make sure your on the console then try to reproduce your steps. Did an error appear in the console? If so, sharing that error here will allow the community/development team to point you in the right direction.

Hope that helps.

@stephan-whelan I have not run into this issues and use TinyMCE boxes everywhere on some of our sites. It’s definitely a file permissions issue though. What hosting company are you with? Sounds like a common run-in I’ve had with sites on Cloudways if you ever ran the reset permissions tool. You may need to contact your hosting provider to run a batch chown against the WP directory to the proper user. If you’re a sudoer on your own server/vm then you would need to check and run that yourself. Hope that helps.

@ravanh I believe in the recent updates they added options in the subsite’s settings, you should be able to toggle it from there whether that site uses the classic editor or the block editor. You will need to enable it fist at the bottom of /wp-admin/network/settings.php then Site Admins will be able to toggle it on and off under Settings > General or Settings > Writing on each subsite.

I network activated this on some of our multisites. Hasn’t broken anything yet but the real test will be when 5.0 stable is released. We’re just now playing with the 5.0 RC to see if we run into any compatibility issues, hard to tell with all the bugs it currently has.

Hi @josevarghese

I’m having this issue with multisite, hope this following information helps.

The error referenced register-sq.js:5 with:
Registration failed with SecurityError: Failed to register a ServiceWorker

It is pulling network domain instead of site domain. The manifest-[siteid].json and sw-[siteid].js are generated with the correct information for each site.

WP Multisite 4.9.5
PHP 7.1.16
MySQL 5.6.36

I am not minifying or caching any JS. There are headers set for browsers to cache JS

I do minify and cache CSS and HTML.

Hope this helps, looking forward to the fix, thank you and great job on your plugin.

EDIT:
@btran110
Fixed with https://github.com/SuperPWA/Super-Progressive-Web-Apps/issues/28

Was a CORS issue from domain mapping.

• This reply was modified 6 years, 6 months ago by aedelgod.
• This reply was modified 6 years, 6 months ago by aedelgod.

I’m running into the same issue. Is there an ETA on a fix? Thanks.

Hi @wfyann

It seems the problem is actually the plugin not being compatible with HHVM. This was outlined in: https://docs.wordfence.com/en/Wordfence_system_requirements

Please note that HHVM is currently not supported due to stability issues within HHVM. As of 2017-05-25

Thanks for your help though, it would be great to get this compatible with HHVM for some of my older client’s websites that would take a lot of work to get working with PHP7. We are already developing current and future websites on PHP7. Thanks.

Hello all,

I have figured out what my error was. For future reference to everyone, your fields cannot contain any capital letters or underscores. It should all be lowercase alpha-numeric and may contain a hyphen “-” but not any other special character or spacing, hope this helps someone else that experienced a similar issue, thanks.