• Resolved falu1

    (@falu1)


    The WordPress dashboard contains the following code, which contains the "PHP Allow Url fopen" string. This string triggered ModSecurity rule 953110, which matched Pattern: The rule detected the use of potentially dangerous PHP functions such as fopen, which is flagged as a source code leakage vulnerability. I failed to see why this translation is needed in AIOSEO...

    <script type="module" src="https://localhost/wp-content/plugins/all-in-one-seo-pack/dist/Lite/assets/notifications.diWVLcTF.js?ver=4.7.1.1" id="aioseo/js/src/vue/standalone/notifications/main.js-js"></script>
    <script id="aioseo/js/src/vue/standalone/app/main.js-js-extra">
    var aioseoTranslations = {"translations":{"":{"domain":"all-in-one-seo-pack","lang":"zh_CN","plural_forms":"nplurals=1; plural=0;"}, ... , "PHP Allow Url fopen":["PHP\u5141\u8a31Url fopen"],"PHP Code":["PHP\u4ee3\u78bc"] ... }

    The translation is coming from the following file: all-in-one-seo-pack\app\Common\Main\Main.php

    public function enqueueTranslations() {
        aioseo()->core->assets->load( 'src/vue/standalone/app/main.js', [], [
            'translations' => aioseo()->helpers->getJedLocaleData( 'all-in-one-seo-pack' )
        ], 'aioseoTranslations' );
    }
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author arnaudbroes

    (@arnaudbroes)

    Hey @falu1,

    Thank you for reporting this.

    We don’t include this string in our plugin AFAIK and I don’t see it in our code at first glance. What language are you using? I’ll take a look at the translations.

    Thread Starter falu1

    (@falu1)

    Turns out somehow wp-content\languages\plugins\all-in-one-seo-pack-zh_CN.po is dated 2021/8/1, must be a leftover from one of the old versions we installed. After removing all all-in-one-seo-pack-zh_CN* files in that folder and manually pasting in the .po/.mo/json files I freshly installed from another machine, I no longer see the problem. The newly copied file is dated 2022/6/4.
