Viewing 11 replies - 1 through 11 (of 11 total)
  • Reconbot, Sorry we missed you. We have your email and are taking a look at your concern.

    Thread Starter Francis Gulota

    (@reconbot)

    Just to note, you still have a bunch of problems with your new version.

    reconbot makes a statement not to use the plugin, Business Directory; but does not appear to qualify his statement.
    Perhaps he will enlighten us!

    Yeah, what are the issues specifically?

    We have implemented all security recommendations from the WordPress team into our latest version 0.8.2 Beta. It is available now.

    Though we have been in contact, and despite asking for input, we have not received any specifics back from reconbot. In good faith, we have been in contact with the guys at WordPress who did give us some specific items to include to solve any potential issues with code insertion. We implemented all WordPress Team recommendations in our new code.

    We appreciate and thank Michael from The WordPress Team for his recommendations, advice, and code samples.

    We remain unsure of reconbot’s motivations.

    Thread Starter Francis Gulota

    (@reconbot)

    Hey, I did reply to your email and your old version of your plugin was riddled with security holes. So don’t question my motives beyond wanting to run a secure server.

    I haven’t yet tested your new one. If you’ve removed where you used preg_replace to escape ‘s with \’ in JavaScript strings and if you properly escaped your SQL inputs then I’m sure your plugin is much much safer. I’ll confirm that WordPress security team contacted you. I’ll look at it closer and then give my opinion.
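The post above mentions escaping ' with \' in JavaScript strings. The block below is an added example, not part of the thread and not the plugin's code: it shows why escaping only the quote is not enough when a value is written into an inline script, next to a json_encode-based alternative. All function names and sample inputs are hypothetical and constructed for illustration; it assumes PHP 7.3 or later.

```php
<?php
// Added example: function names and sample inputs are hypothetical.

// Weak pattern: backslash-escape single quotes only.
function js_escape_quotes_only(string $s): string {
    return preg_replace("/'/", "\\\\'", $s);
}

// Hardened: JSON literal with quotes, <, > and & emitted as \uXXXX escapes.
function js_literal(string $s): string {
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_HEX_AMP | JSON_THROW_ON_ERROR);
}

// True if $body, placed between $quote characters inside an inline <script>,
// would end the string literal or the script element early.
function leaves_string_context(string $body, string $quote): bool {
    if (stripos($body, '</script') !== false) {
        return true; // the HTML parser closes the script block first
    }
    for ($i = 0, $n = strlen($body); $i < $n; $i++) {
        if ($body[$i] === '\\') {
            $i++;            // escaped character, skip it
        } elseif ($body[$i] === $quote) {
            return true;     // unescaped quote terminates the literal
        }
    }
    return false;
}

// Constructed sample inputs: a plain quote, a backslash before the quote,
// and a closing script tag.
$samples = ["Joe's Diner", "Joe\\'s Diner", "Diner</script>"];
foreach ($samples as $s) {
    $weak = js_escape_quotes_only($s);
    $safe = substr(js_literal($s), 1, -1); // drop the outer double quotes
    printf("%-16s weak=%-5s hardened=%s\n", $s,
        var_export(leaves_string_context($weak, "'"), true),
        var_export(leaves_string_context($safe, '"'), true));
}
```

The quote-only escape handles the first sample but not the other two, because a backslash already present in the input cancels the added one and the closing tag is never touched.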

    reconbot, your motives are not in question, rather your way of going about things. As a visitor to this site, I would like to know if your comments are legitimate. You’ve already given your opinion — “Just to note, you still have a bunch of problems with your new version.” What do you mean by this?

    Thread Starter Francis Gulota

    (@reconbot)

    The latest version fixes the JavaScript XSS bugs, and no longer suffers from any SQL injection attacks. I’m running it right now. They use PHP short tags, fixing that is my last quip, but it’s not a security risk in the slightest.

    Can’t install this plugin, screen goes blank unless plugin is deleted.

    Thread Starter Francis Gulota

    (@reconbot)

    Make sure open short tags is enabled with your PHP – it’s currently a requirement

    Actually, just upgrade. We took the PHP short tags out in our latest version.

  • The topic ‘[Plugin: Business Directory] Don’t use business directory xss and injection problems’ is closed to new replies.