• Resolved ttodua (@ttodua)


Hi. Excellent plugin. Just a few minor suggestions.

1) In cau_functions.php, line 801:

.... $wpdb->query( $wpdb->prepare( "UPDATE $updateLog SET method = 'Manual' WHERE slug = '%s'", $_GET['plugin'] ) );

there should be sanitize_key($_GET['plugin']) here.

2) It might be better to have the $_-style variable assignments secured with a nonce / check_admin_referer(), e.g. the initial lines of pluginlist.php [line 5], $filter = $_GET['filter'];, or status.php [line 320] (it would also be nice to apply sanitize_key to them).

3) companion-auto-update.php [line 223]:
$requestedPage = $_GET['tab']; ... require_once( ... $requestedPage.'.php' );
Even though that is protected, it would be nice if that page were protected with a nonce as well, in addition to using sanitize_key.
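Worked versions of the three fixes suggested above, as an added example that is not code from the Companion Auto Update plugin or from the poster; the nonce action name, the capability check, the set of filter values and the tab-to-file map are assumptions:

```php
<?php
// Added example (not the plugin's code). Assumes it runs inside a WordPress
// admin page, so $wpdb, check_admin_referer(), sanitize_key() etc. exist.

// 1) Marking a plugin as manually updated: verify the nonce the link was
//    built with, sanitize the slug, and let wpdb::prepare() do the quoting.
function cau_example_mark_manual( $wpdb, $updateLog ) {
    // Link must be generated with wp_nonce_url( $url, 'cau_mark_manual' ) (assumed action name).
    check_admin_referer( 'cau_mark_manual' );
    if ( ! current_user_can( 'manage_options' ) ) { // assumed capability
        wp_die( 'Not allowed.' );
    }
    $slug = isset( $_GET['plugin'] ) ? sanitize_key( wp_unslash( $_GET['plugin'] ) ) : '';
    if ( '' === $slug ) {
        wp_die( 'Missing plugin slug.' );
    }
    // %s is left unquoted: prepare() adds the quotes itself.
    $wpdb->query( $wpdb->prepare( "UPDATE {$updateLog} SET method = 'Manual' WHERE slug = %s", $slug ) );
}

// 2) Filter parameter on the plugin list page: sanitize, then restrict to
//    a fixed set of known values (the set itself is assumed).
function cau_example_get_filter() {
    $allowed = array( 'all', 'active', 'inactive' );
    $filter  = isset( $_GET['filter'] ) ? sanitize_key( wp_unslash( $_GET['filter'] ) ) : 'all';
    return in_array( $filter, $allowed, true ) ? $filter : 'all';
}

// 3) Tab include: never assemble a require path from request data directly.
//    Map the sanitized tab name onto a fixed list of files (map is assumed;
//    only status.php and pluginlist.php are mentioned in the post).
function cau_example_load_tab( $plugin_dir ) {
    $tabs = array(
        'dashboard'  => 'dashboard.php',
        'status'     => 'status.php',
        'pluginlist' => 'pluginlist.php',
    );
    $tab = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : 'dashboard';
    if ( ! isset( $tabs[ $tab ] ) ) {
        $tab = 'dashboard'; // unknown tab falls back instead of reaching the filesystem
    }
    require_once $plugin_dir . '/' . $tabs[ $tab ];
}
```

With the whitelist in place, sanitize_key and the nonce become defence in depth rather than the only barrier between $_GET['tab'] and require_once.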

Viewing 1 replies (of 1 total)
  • The topic ‘Nice plugin. few notes:’ is closed to new replies.