Submit of items isn’t working!
-
Hi I hope you are fine and willing to answer questions without transferring us to a closed site!
Our customer is using this lava directory manager and a legal version of the javo directory version 3 and he can’t submit any items when he is using a MAC OSX or IOS Device!
Also, the submit form seems not to be compatible with mobile responsive design, as it does not resize when 1440 width has been chosen in the Theme Settings.
Besides, that we would like to address several security issues we found:
Now scanning: Lava Directory Manager v. 1.0.8 Number of files to scan: 40 Files remain: 0 Verbose output You can ignore all Unsafe messages if you trust the author and the source of this plugin. OK/lava-directory-manager/lava-directory-manager.php <strong>Unsafe/lava-directory-manager/includes/class-addons.php view source wp_remote_post at line 173: $lavaResponser = wp_remote_post( Potential risk: Medium. Upload or download data from/to any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant.</strong> <strong>Unsafe/lava-directory-manager/includes/class-admin.php view source file_get_contents at line 581: $lava_all_posts = json_decode( file_get_contents( $strFileName ), true ); Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions. Unsafe/lava-directory-manager/includes/class-core.php view source file_get_contents at line 578: $json_contents = file_get_contents( $json_file ); Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions. create_function at line 686: , create_function( Potential risk: Low. Create an anonymous (lambda-style) function. A native anonymous function should be used instead.</strong> OK/lava-directory-manager/includes/class-enqueues.php OK/lava-directory-manager/includes/class-lava-array.php OK/lava-directory-manager/includes/class-shortcodes.php OK/lava-directory-manager/includes/class-submit.php OK/lava-directory-manager/includes/class-template.php OK/lava-directory-manager/includes/class-widgets.php OK/lava-directory-manager/includes/functions-admin.php OK/lava-directory-manager/includes/functions-ajaxListings.php <strong>Unsafe/lava-directory-manager/includes/functions-ajaxMap.php view source wp_remote_get at line 140: Potential risk: Medium. Load external data from any web server. May be used to load malicious code from the external source. You can prevent that using constant WP_HTTP_BLOCK_EXTERNAL or restrict hosts with WP_ACCESSIBLE_HOSTS constant. file_get_contents at line 199: die( $output ); Potential risk: Medium. Read entire file into a string. May be used to load malicious code from the external source/website without any restrictions.</strong> OK/lava-directory-manager/includes/functions-core.php OK/lava-directory-manager/includes/admin/admin-addons-page.php OK/lava-directory-manager/includes/admin/admin-addons.php OK/lava-directory-manager/includes/admin/admin-amenities-form.php OK/lava-directory-manager/includes/admin/admin-featured-form.php OK/lava-directory-manager/includes/admin/admin-index.php OK/lava-directory-manager/includes/admin/admin-loop-addons.php OK/lava-directory-manager/includes/admin/admin-mapmeta.php OK/lava-directory-manager/includes/admin/admin-metabox.php OK/lava-directory-manager/includes/admin/admin-welcome.php OK/lava-directory-manager/includes/widgets/widget-featureds.php OK/lava-directory-manager/includes/widgets/widget-recents.php OK/lava-directory-manager/includes/widgets/widget-single-contact.php OK/lava-directory-manager/includes/widgets/html/widget-single-contact.php OK/lava-directory-manager/templates/content.php OK/lava-directory-manager/templates/template-addItem.php OK/lava-directory-manager/templates/template-dashboard.php OK/lava-directory-manager/templates/template-listing-list.php OK/lava-directory-manager/templates/template-listing.php OK/lava-directory-manager/templates/template-map-htmls.php OK/lava-directory-manager/templates/template-map.php OK/lava-directory-manager/templates/template-not-list.php OK/lava-directory-manager/templates/form/lava-add-item-file.php OK/lava-directory-manager/templates/form/lava-add-item-location.php OK/lava-directory-manager/templates/form/lava-add-item-meta.php OK/lava-directory-manager/templates/form/lava-add-item-terms.php OK/lava-directory-manager/templates/form/lava-add-item-user.phpIndeed we got called by that customer as his site got hacked after installing converting his site to version 3 of javo-directory Theme he purchased on Themeforest.
The Theme itself looks great – really nice but seems to have severe security issues as we checked also other files of the theme with even red alerts of the WordPress plugin inspector! I would recommend that those parts really get solved to be green when checked in the plugin inspector.
It is very sad that none of the questions here get actually solved concerning the lava directory manager and instead all requests get tried to get monetized by Javo who seems to maintain that lava directory manager.
A last question concerning that Map plugin Lava provides. Does it allow to locate and center the map on mobile devices with GPS enabled. Which means is it possible to tab and then the exact location data gets stored on the spot the editor is standing when entering data and taking images with the mobile device which get uploaded.
Of course this would be only really useful at all if the submit would also work. We tested the map functionality but weren’t able to get actually the exact GPS data from the mobile device entered into the form.
Some themes i.e. the residence theme from ana (a really great one) can get the exact location on the map and form, as well as many other directory themes which are using a map.
Thanks a lot for your nice theme and I hope you can solve out all issues soon also of the plugins you are using.
- The topic ‘Submit of items isn’t working!’ is closed to new replies.
