Providing a fix to a broken & removed plugin, is that allowed ?

  • Hello,

    I used to be extremely pleased with the Search Light plugin, however it has been removed from www.ads-software.com because it had a flaw, it allowed SQL injections.

    The thing is, I’m in good terms with a wordpress commercial coder (partly making a living with paid developments) and he told me that, from the looks of it, he could provide me a fixed version of this plugin very quickly, for a low price.

    So… here I am, wondering…

    When we have a plugin that hasn’t been updated by its creator in 5 months, and that may look abandoned…
    Is it allowed to provide a fix, even if I’m neither the coder nor the creator of the plugin ?

    – Me, I’d see advantages in this : I’d have at last a fixed version to use, and the community could use it too.
    – The money spending is not a huge pain (cheap, he said, cheap).
    – But I don’t want to get involved too much in becoming the maintainer of a new plugin based on a fork or something like that, I have neither the competence nor the time for this.

    I still haven’t coughed up the money for a fixing of the plugin’s code so we’re still hypothetically speaking.

    Please, could someone tell me how things could be done, from here ? Is it forbidden or impossible to provide a fixed version in the present condition, or it is OK and welcome ?

    Thanks if someone can tell me ??

    Greetings,
    Sabinou

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    If it’s GPL’ed code, as long as you credit the original author and aren’t rude about it (think Wil Wheaton) then yes, fix away.

    If it meets the guidelines you can submit it to the plugin repo too.

    I am in the same situation: I worked some days on the plugin wp-login (https://www.ads-software.com/extend/plugins/wp-login/) Last Updated: 2011-10-20
    I did a lot of work, just because I need it for myself:
    – added files needed but not presents (jPicker)
    – updated to jPicker 1.1.6 (now belongs to the plugin)
    – extracted wp-login.css
    – moved setup from ‘main menu’ to ‘setting menu’
    – fixed deprecated calls
    – fixed password reset does not works
    – fixed ‘View Your Login Page’ wrong ref in multisites
    Now I am using the modified plugin on my site.
    I would like to submit the fix to the author but he/she is not answering from months to the support topics.
    How can I submit my fixes?
    NOW it meets the guidelines too, but should I create e NEW plugin into the repo?
    Tnx for the help!

    NewsArena

    (@newsarena)

    Hi Sabinou.

    I see that it’s 7 months old topic, but if you have a fixed version of Search Light plugin, could you share it with us?
    It’a a great plugin, but because of the noted problem is unusable.

    Thanks in advance.

    Thread Starter Sabinou

    (@sabinou1)

    Hello,

    Actually, no, the deal was canceled. I tried fixing it myself, and failed. And yet, I did my searching, it seems I’m not the only person trying to make it work.

    The code source for the main file of the plugin is :
    https://pastebin.com/fmp7QRqd

    The key part would be to add, theoretically,
    $search_key = mysql_real_escape_string($search_key);
    , between the lines 153 and 154, in the itsas_sqlWhere function.

    As others reported, this won’t work. I still tried for myself.

    Adding this fix doesn’t work. The search thingy returns instead EVERY SINGLE BLOG POST OF THE BLOG as a result.

    Myqli instead of mysql, after all mysql_real_escape will be deprecated ? Same deal.

    $wpdb->escape($user_entered_data_string);
    , instead, since wordpress is kind enough to provide escaping means ? No result found at all in the searches.

    My conclusion was “to hell with that bloody problem” ??

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Providing a fix to a broken & removed plugin, is that allowed ?’ is closed to new replies.