• Edit: The plugin keeps improving, so I raised the rating.

    Aside from the fact that the “security”-measurements that this plugin tries to implement are a joke (there have been enough cases where plugins in the official repo have been compromised), the “calculation” itself is bogus.

    From reviewing the source code (spaghetti/function code) there are issues all over:

    • Does remote requests, where the results aren’t tested properly. So whatever comes from the remote source will just be used – which is a security fail at its best.
    • Doesn’t use any WordPress coding practice like the list tables API, registering and enqueuing styles, etc. etc.
    • Doesn’t handle errors properly. Neither with the remote response, nor with any other WP Error object…

    Summed up: Don’t use it. This is the opposite of security.

    Reviewed Version: 0.71.2

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Renefs

    (@renefs)

    Hi Franz,

    First of all, thank you for reviewing the plugin. It’s a shame you did not like it, but several points you mention were true, so I decided to update the plugin with your recommendations (tables list API, no more spaghetti, best error handling, enqueuing styles…)

    I also modified the plugin’s name to make it clearer what its purpose is, removing the security factors that may confuse somebody.

    I hope you’ll like the newer version.

    Thread Starter Franz Josef Kaiser

    (@f-j-kaiser)

    Hi Renefs,

    Extending the WP List Table class and the error handling made it much better. I still don’t agree that this isn’t spaghetti code – should be a class, don’t use constants (at least not with such generic names) – but the overall approach is an improvement.

    If you can rework that class too and tell me how I can change the rating, I’ll be happy to raise it.

    Best wishes,
    K.

  • The topic ‘This is not "security"’ is closed to new replies.