Basically, a malicious user could write a testimonial, upload a virus, and use the url to spread the virus elsewhere. Effectively, the site would be hosting malware.
On a site where I have used this, I have added a couple lines of code testing whether the file really is a jpeg:
$image_mime_type = exif_imagetype($_FILES['pts_photo']['tmp_name']);
I added that to pts_front_add_testimonial() and updated this line:
`if ( (strtolower($_ext) == ‘jpg’ || strtolower($_ext) == ‘jpeg’)
&& ( $image_mime_type == 2) )
.
.
.
`
But I wonder if the plugin author shouldn’t update the code to make this more secure.
I love this free plugin ??
The testimonials are cycling nicely in a carousel on the homepage. However, the text on the right side of the carousel is cut off by the margin. See https://tinypic.com/r/2wgcgur/8
Could you help me fix this problem?
Awaiting a reply
Thanks
]]>Hi! I’m having trouble getting “Submit a Testimonial” to be place above the blank form of the testimonial. I don’t know why it’s place underneath the submit button as the rest of my website doesn’t have issues being able to align my title above. Thanks for any help.
Here is the page where you can see the issues. https://www.katrinacordetastylist.com/testimonials/
]]>Your site offline? Cannot access your demos.
]]>I have uploaded two testimonials and have uploaded FPO images. Now I want to change them from the back end. When I click Edit, I am able to edit everything but the image. How can I edit this field?
Thanks
Is it possible to adjust the position on that page that the testimonials display? I placed the shortcode after my text but the testimonials are the first thing that is displayed on the page, before my text.
Thanks!
Great plugin.
]]>