Hey Edir,
I am looking to send reports to multiple e-mail addresses with your plugin. However in its current state, it does not support that feature to handle validating multiple e-mails.
I found that it will not support these multiple e-mails because of the function is_email() in your validate method.
I added the ability to manage this functionality in locally and have it working.
I’d love if this could make it in to a patch in the near future so I can start pushing out reports to multiple people.
The changes I made to support this are below.
/*
* Validating fields
*/
static public function validate($input) {
if ( ! empty( $input['email'] ) ) {
// Remove any whitespace
$input['email'] = preg_replace('/\s/', '', $input['email']);
// Check for multiple emails, separated by the comma (,)
$emails = explode( ',', $input['email'] );
// Loop through the emails and ensure they are all valid
foreach ( $emails as $email ) {
if ( ! is_email( $email ) ) {
add_settings_error( self::$id . '_notification', 'invalid-email', __( 'You have entered an invalid e-mail address.', self::$id ) );
}
}
}
return $input;
}
I also extended the Introduction to notify how to add multiple e-mails.
/*
* Introduction
*/
static public function introduction() {
echo '<p>' . __('Fill the options below if you want to be notified by mail about new vulnerabilities. To add multiple e-mail addresses, separate them via comma (,).', self::$id) . '</p>';
}
Hey there Edir,
I am looking to send out Vulnerability Reports to multiple people through your plugin. I noticed that it is not able to handle that in its current state.
Right now if you try and add multiple emails, the validation method using is_email() validates as false, as [email protected],[email protected] will validate as an incorrect email.
I modified the validation method to support handling multiple email addresses. Is this something that could be addressed? Or is there a way I could create assist on the plugin and create a Pull Request for the change?
Here are the changes I made:
Modified in vulnerability-alerts.php
/*
* Validating fields
*/
static public function validate($input) {
if ( ! empty( $input['email'] ) ) {
// Remove any whitespace
$input['email'] = preg_replace('/\s/', '', $input['email']);
// Check for multiple emails, separated by the comma (,)
$emails = explode( ',', $input['email'] );
// Loop through the emails and ensure they are all valid
foreach ( $emails as $email ) {
if ( ! is_email( $email ) ) {
add_settings_error( self::$id . '_notification', 'invalid-email', __( 'You have entered an invalid e-mail address.', self::$id ) );
}
}
}
return $input;
}
I also added a line to the introduction explaining how to add multiple e-mails for notifications.
/*
* Introduction
*/
static public function introduction() {
echo '<p>' . __('Fill the options below if you want to be notified by mail about new vulnerabilities. To add multiple e-mail addresses, separate them via comma (,).', self::$id) . '</p>';
}
For what it’s worth, I’m getting this warning at sites running on PHP 7.1:
]]>PHP Warning: Invalid argument supplied for foreach() in /wp-content/plugins/vulnerability-alerts/vulnerability-alerts.php on line 280
I received double email from the same site with same content
]]>Já viu isso (https://mainwp.com/extension/vulnerability-checker/)?
é possível através de uma central gerenciar vários sites WordPress.
]]>Olá Edir,
O que acha do alerta ter a op??o mensal?
abra?o,
]]>Hi,
I’ve installed this plugin in several websites, and I’ve encountered some error in only two cases. On this two websites, the “Check now” process always returns a general “Report not available” to all the items in the list (WordPress, plugins and themes)
I suspect it could be related to some server configuration such as php execution, firewall, but I don’t know where to start to debug this.
Can you give me some advice, some point I should check, in order to detect what is the nature of the problem here? maybe some exception in the PHP version, the wp version, the server configuration…
I’m at your full disposal in order to debug this, if you want me to try anything I’ll be glad to help
Thank you
]]>Thanks for the great plugin.
I’d like to request a feature whereby if a vulnerability is selected in the “Vulnerabilities to Ignore” that it also be hidden on the Admin toolbar.
This could be done either by default or by an new checkbox at the bottom of the tools.php?page=vulnerability-alerts page.
That way it would be obvious if a new vulnerability becomes known.
At the moment I have a shield icon with 1 beside it on all my sites due to a trivial vulnerability I am ignoring on them all.
Ao tentar instalar o plugin aparece esse erro ai.
Fatal error: Call to undefined function wp_get_themes() in /home/…/www/wp-content/plugins/vulnerability-alerts/vulnerability-alerts.php on line 190
]]>Hello,
Can you provide the POT file of the plugin?
D.
]]>Hello,
Since latest update 1.2 I get what it seems to be a false positive alert for plugin “SEO Redirection” for version 2.2 – which is from last year. Latest version of this plugin (installed) is 3.9 and a couple of weeks old.
I don’t really know whether the problem is here with this plugin or with the other one that might return a wrong version, but I got the alert only after updating this one.
Thanks!
]]>Hello, Edir!
I noticed your plugin detects and sends notifications only after a vulnerability is marked as fixed in WPScan. I believe people should know as soon as possible that their websites are vulnerable and that means they should be notified regardless of the “fixed_in” variable status.
I made a small change to the function that retrieves the vulnerabilities to correct this issue. Can you please add it to your plugin?
https://pastebin.com/h4WDnevM
Also, if you have the plugin on Github, please consider adding a link to its repository in the plugin description.
Best regards,
Eusebiu Oprinoiu
PS: Take a look at this issue as well!
]]>Hello, Edir!
I noticed your plugin doesn’t remove the options stored in the Options table on uninstall. (“vulnerability-alerts” and “vulnerability-alerts_notification”)
Could you consider adding an uninstall.php file in a future update?
Best regards,
Eusebiu Oprinoiu