v2.7.11 broke everything

  • Resolved Dr.XJ

    (@drxj)


    3 years, 1 month ago

    Hello,

    I updated the Ad Inserter from v2.7.10 to v2.7.11 but it broke everything.
    No ads are being showing and my php code in the header doesn’t work. It breaks the website completely. This is why I can’t use the debug feature. If I remove the php code, the website works OK but still Ad Inserter don’t show any ads.
    I had to downgrade to v2.7.10 again and everything works perfectly.

    Any help?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Spacetime

    (@spacetime)

    Hello,

    the latest version fixes security issue which allowed to run arbitrary code when the administrator who manages the website defined constants (or enabled security settings) to prevent such code from running.

    Do the following test:

    Paste this code in an empty block, enable PHP processing and click on Preview:

    <pre>
<?php

    echo 'DISALLOW_FILE_EDIT:      ', defined ('DISALLOW_FILE_EDIT') && DISALLOW_FILE_EDIT ? 'SET'  : "NO", "\n";
    echo 'DISALLOW_FILE_MODS:      ', defined ('DISALLOW_FILE_MODS') && DISALLOW_FILE_MODS ? 'SET'  : "NO", "\n";
    echo 'DISALLOW_UNFILTERED_HTML:', defined ('DISALLOW_UNFILTERED_HTML') && DISALLOW_UNFILTERED_HTML ? 'SET'  : "NO", "\n";

?>
</pre>

    Paste the results here.

    Check also if you can edit plugin or theme PHP files (Plugins/Plugin File Editor, Appearance/Theme File Editor)

    Thread Starter Dr.XJ

    (@drxj)

    DISALLOW_FILE_EDIT: SET
    DISALLOW_FILE_MODS: NO
    DISALLOW_UNFILTERED_HTML:NO

    This is the results I got with the older version(v2.7.10)

    File edit is disabled via iThemes Security.
    These options are enabled in iThemes Security:
    Protect System Files, Disable Directory Browsing, Disable PHP in Uploads, Disable PHP in Plugins, Disable PHP in Themes, Disable File Editor

    Plugin Author Spacetime

    (@spacetime)

    This indicates that you have the constant DISALLOW_FILE_EDIT set. In such cases PHP code processing should not be allowed.

    So you need to disable security options that disable PHP code or file editing.

    The test above should write NO for all three constants.

    Thread Starter Dr.XJ

    (@drxj)

    Thanks. I’ll try that.
    Even so, with all these security options enabled, I have no issues with v2.7.10

    Do you think it’s safe to turn off these features? isn’t there any other way around?

    I’m not comfortable with not updating Ad Inserter and also I’m not comfortable with having these security options off.
    What’s the best thing to do here?

    Also, does this have anything to do with ads not being shown? or it’s for the php code not being executed? If it’s only about the PHP, maybe I can move it to function.php

    Plugin Author Spacetime

    (@spacetime)

    If you are the only administrator of your website then you don’t need those security features.

    In your case PHP code was not processed/executed in version 2.7.11 due to the constant set.

    Moving the code to functions.php is a workaround – just make sure it is a child theme so the code will not be overwritten with updates.

    Thread Starter Dr.XJ

    (@drxj)

    Thank you very much. Disabling “Disable File Editor” feature in iThemes Security solved all the problems. You’re the best.

    Plugin Author Spacetime

    (@spacetime)

    ??

    You’re the best.

    Please say it here:
    https://www.ads-software.com/support/plugin/ad-inserter/reviews/#new-post

    Thank you!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘v2.7.11 broke everything’ is closed to new replies.