Secure WordPress and s2Members

  • CyberOto

    (@cyberoto)


    13 years ago

    Hi,

    There is a bit of a problem when you have both plugins installed and in SecureWP you have checked Protect WordPress against malicious URL requests . This option do not allow URI to have above 255 bytes for normal users.

    In most cases this is perfectly fine, but when the s2Members plugin is enabled and do some checks for user level and stuff it can return URI parameters that are at least 230 bytes.

    In my case I have 30 bytes minimum in URI already and guess where are we headed =]

    So what did I do – simple check if the s2Member plugin is enabled and increase the default 255 bytes limit to say 355 =]

    in secure-wordpress.php search for function wp_against_malicious_url_request() and add this code:

    if (is_plugin_active('s2member/s2member.php'))
	{
		$request_URI = 355;
		//do some more ?
	}
	else
	{
		$request_URI = 255;
	}

    above if (strlen($_SERVER['REQUEST_URI']) > 255 || and modify this line to if (strlen($_SERVER['REQUEST_URI']) > $request_URI ||

    That is it – no more white pages for users that are trying to access a page that require higher access level.

    Regards,

    https://www.ads-software.com/extend/plugins/secure-wordpress/

  • The topic ‘Secure WordPress and s2Members’ is closed to new replies.

Tags