It is a simple plugin but i wouldnt recommend it for security

  • I like the plugin for it’s simplicity. But i do have 2 major complaints that explain why I give a 3 stars rating.
    1) The way you implmented the categories is bad. There will be a issue if I switch the order of the categories. I had to change it by myself and add a Category table in my MySQL database.
    2)Speaking of database, the way you insert, modify or delete records on the DB isn’t protected against SQL injection. Again I had to change if for a safer code.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Lester Chan

    (@gamerz)

    1) It is done on purpose because it is meant to be a very simple and lightweight download manager. I don’t want to create another table and UI just to manage it for it.
    2) The plugin was done before $wpdb->prepare() was created. But rest assured all inputs are properly sanitised before passing it to the DB. If you found an injection, do let me know. If you already fixed this, perhaps you can submit a pull request back so that I can merge it?

    @jjghali Can you point out what were those changes to make it more secure as per your suggestions?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘It is a simple plugin but i wouldnt recommend it for security’ is closed to new replies.