AIOSEO translation may not need “PHP Allow Url fopen” string
-
The wordpress dashboard contains the following code, which contains "PHP Allow Url fopen" string. This string triggered modsecurity rule 953110 which matched Pattern: The rule detected the use of potentially dangerous PHP functions such as fopen, which is flagged as a source code leakage vulnerability. I failed to see why this translation is needed in AIOSEO...
<script type="module" src="https://localhost/wp-content/plugins/all-in-one-seo-pack/dist/Lite/assets/notifications.diWVLcTF.js?ver=4.7.1.1" id="aioseo/js/src/vue/standalone/notifications/main.js-js"></script>
<script id="aioseo/js/src/vue/standalone/app/main.js-js-extra">
var aioseoTranslations = {"translations":{"":{"domain":"all-in-one-seo-pack","lang":"zh_CN","plural_forms":"nplurals=1; plural=0;"}, ... , "PHP Allow Url fopen":["PHP\u5141\u8a31Url fopen"],"PHP Code":["PHP\u4ee3\u78bc"] ... }
The translation is getting from the following file: all-in-one-seo-pack\app\Common\Main\Main.php
public function enqueueTranslations() {
aioseo()->core->assets->load( 'src/vue/standalone/app/main.js', [], [
'translations' => aioseo()->helpers->getJedLocaleData( 'all-in-one-seo-pack' )
], 'aioseoTranslations' );
}
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
- You must be logged in to reply to this topic.