Tyler Tork
Forum Replies Created
Forum: Plugins
In reply to: [WCP Contact Form] Useful links in settings page are 404
It’s working well so there’s no particular need to update it. I just want to know whether you plan to continue maintaining it should problems arise.
Forum: Fixing WordPress
In reply to: Visual Editor – Flashing Insert/Edit Link Popup
I can easily reproduce a similar problem with the picture control bar, using the WordPress version 5.2 and Chrome Version 74.0.3729.157. The toolbar flashes when I hover over it, making it impossible to click any controls. I can get past it either by changing the zoom factor on the browser to fairly large, or by adding a blank line above the image so that the picture control popup doesn’t overlap the editor toolbar. I am of course using the Classic Editor plugin.
Well, yes, one could do that, but why does every user of this plugin have to notice for themselves that this is necessary — their testing in their email might not show a problem — and then fix it for themselves, as opposed to you fixing it by adding a string that really means “the link” rather than “the url” and using that in your default email?
In my case the error message cites line 152 of the same source file. I debugged the code. Just before the “foreach” statement, the value of $list_ids is ‘2’ — not an array, a string.
The widget uses the default form that your installer creates — “First Form”, which has list “Main” selected. If I edit it and save changes, the debug log now displays $list_ids = array ( 0 => ‘2’, ), and there is no error message displayed. So I think the defect is actually in your post-activation code where you’re creating the default form.
I understand how to correct the problem. I’m saying you need to emit a less cryptic message so people can know what to do without going to search for help. This sort of message should never be displayed on the website. It casts doubt on the quality of the tool as a whole.
I too am getting this error. This is sloppy. Please trap the error and display a more useful message.
Forum: Plugins
In reply to: [Real-Time Find and Replace] regex fails, causes “white screen”
That is good to know, but if you could maybe add a validation rule on that input or at least some static text to tell people about it, and also, like, not crash the website, I think that would be a good move.
Forum: Plugins
In reply to: [WordPress Simple Shopping Cart] Redirect causes items to not appear in cart
I was unaware that shortcodes could appear in a URL.
The checkout page has this shortcode in its body: [always_show_wp_shopping_cart]
Forum: Themes and Templates
In reply to: [Parallax] Is this security issue addressed?
I’m not a security specialist, but it seems to me that they’re complaining that an attacker can upload a file containing PHP code using your ajax.php file, as shown in the sample code in one of the linked pages:
[please do not post exploits here]
Once uploaded, it could be executed via a second HTTP request, and the code in it could do anything to other files on the site.
The solution, I believe, is to test the filename of the upload, and reject files whose suffixes are those of executable files for the web server. Or perhaps you need to establish additional secret URL arguments required of the caller. Again, not my area.
It’s possible there’s something in the hosting company’s security that would prevent this on a real website, but the people who tested this were apparently able to sneak it past in a local installation, so it seems likely it’s a real problem. You can’t rely on the hosting company’s security, because they don’t all do it right; you need multiple layers of prevention for something this serious.
Going forward, you need a process in place to monitor the security databases and address issues without delay. Hackers also have access to these resources, and are always looking for ways to update their bots to exploit known weaknesses. They will examine the HTML of sites to see what theme and version it is using and tailor their attack to the known weaknesses of that theme.
If the users of your theme are getting hacked because you don’t address reported issues, that’s negligence on your part. If you can’t commit to take this on, please remove the theme from the catalog.
- This reply was modified 8 years ago by Steven Stern (sterndata).
- This reply was modified 8 years ago by Steven Stern (sterndata). Reason: deleted exploit code
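An added example, not part of the original reply or of the theme's code: a filename check of the kind the reply suggests for an upload handler, written here as an allowlist that also rejects executable extension segments anywhere in the name. The function name, the extension lists and the sample filenames are assumptions constructed for illustration.

```php
<?php
// Added example. All names and lists below are hypothetical.

// Allowlist: only these final extensions are accepted.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
// A name is refused if ANY dot-separated segment is one of these, because
// some web server configurations map a handler to an extension wherever
// it appears in the name, not only at the end.
const EXEC_EXT = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar',
                  'pht', 'cgi', 'pl', 'py', 'sh', 'asp', 'aspx', 'jsp', 'htaccess'];

function upload_name_is_safe(string $name): bool
{
    // Refuse control characters (including NUL) and path separators outright.
    if ($name === '' || preg_match('/[\x00-\x1f\/\\\\]/', $name)) {
        return false;
    }
    // Some filesystems strip trailing dots and spaces, so normalise first.
    $name  = strtolower(rtrim($name, ". "));
    $parts = explode('.', $name);
    if (count($parts) < 2 || $parts[0] === '') {
        return false; // no extension at all, or a dotfile such as ".htaccess"
    }
    array_shift($parts); // drop the base name, keep every extension segment
    foreach ($parts as $segment) {
        if (in_array($segment, EXEC_EXT, true)) {
            return false;
        }
    }
    // The last segment must be on the allowlist.
    return in_array(end($parts), ALLOWED_EXT, true);
}

// Constructed sample names, not taken from the report discussed above.
$samples = ['photo.jpg', 'page.php', 'page.PHP', 'page.php.jpg',
            'page.phtml', 'page.php.', '.htaccess', '../up.png', 'notes.txt'];
foreach ($samples as $n) {
    printf("%-14s %s\n", $n, upload_name_is_safe($n) ? 'accept' : 'reject');
}
```

A filename check is one layer only. In WordPress the handler would also verify a nonce with `check_ajax_referer()` and a capability with `current_user_can()` before touching the file, and the upload directory should not be configured to execute scripts.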
Forum: Reviews
In reply to: [WP Extra File Types] No support for .mobi files
Thanks!
Great; thanks! While you’re in there, it would also be nice to have the entries the user has edited be listed together rather than having everything in alpha order. If they could at least be highlighted somehow that would be nice.
Forum: Themes and Templates
In reply to: Standard styles and when to use them
The specific problem I’m facing is how to develop a plugin that includes a custom page type, that will work with all or nearly all themes. The width, padding, margins of the entry-content area tend to vary greatly between my custom page and the “normal” pages, but by different amounts in different themes. I just want my title and content to be placed in the “normal” title area and content area of the page. Is there not a standard way to do that?
Forum: Plugins
In reply to: [WP Add Mime Types] Don't understand example value.
thx
I’m seeing this also. I get an email alert, but the contents of the file change log are:
added
removed
changed
memory = 1.08
Why send me email about this?
Forum: Plugins
In reply to: [WP Add Mime Types] Mime type is not used in inserted link
This seems to be a problem on all websites hosted by Bluehost. I had no other mime type plugins active. I’m not sure what you expect me to get from that support page. My clients are not going to want to edit PHP code to make your plugin work. It needs to just work.