alduinwf
Forum Replies Created
Hi @wfmargaret,
Thank you for your response. That sounds good. Looking forward :-)
Forum: Plugins
In reply to: [WP-Appbox] Remove Cookie from getContent
Thank you very much
Forum: Plugins
In reply to: [WP-Appbox] Remove Cookie from getContent
Fair enough.
But the cookie thing is indeed literally unused. It appears once and only once in the whole file.
Since I do have a little “backup” (a folder “plugins-disabled”, from when I was testing something), I know that an old version used $cookie to provide curl with a cookie jar (and even deleted the cookie when done), but all that’s left now is creating the file and doing nothing with it.
Code for old version:
Forum: Plugins
In reply to: [All In One Favicon] PHP 8.2 compatibility patch
Hi @vidarparry,
good catch, thank you for adding this
Hi, sure. It is https://www.film-rezensionen.de
I have another IP that got banned. Maybe rightfully so, I don’t know. This site has also installed WP Fastest Cache and I noticed it banning from the front page when a banned IP triggered renewal of the cache (yes unrelated problem, but at least we have an output):
https://paste.mozilla.org/Eod7O4Ra
(this link is valid for another 20 days, pastebin would not let me post this because their filters sensed some scam, not sure why that is…)
I don’t quite understand? It is the homepage and a banned IP address triggered renewal of the cache. If you look at the bottom of the HTML, it says there is a problem with the IP 23.22.35.162, which is some crawler or whatever hosted at Amazon AWS.
And this error page is delivered to any visitor until a new cache is created.
Hi,
I did not have the chance to create a test case yet, but it happened again, although not with googlebot.
Here’s the cached HTML that was generated and is delivered to guests (i.e. not logged in):
https://paste.mozilla.org/Eod7O4Ra
I fixed that on the live site now…
I’m trying to doctor a simplified test case for development purposes. Hang on…
The visitors who come later see the broken “you are banned” page when the banned visitor triggered the cache.
Hello,
thank you, it indeed looks good now. Clicked edit and it selected to only trigger on the previously mentioned categories as it should.
Thank you for the update and the support :-)
Alright, thank you. :-) Waiting for updates.
There is an unsubscribe link in the weekly report mail. This seems to work.
But I agree that having this (and enabled) by default is irritating.
Forum: Plugins
In reply to: [All In One Favicon] CRITICAL > Security Threat | Plugin abandoned?
Absolutely! I see your point and I agree. I just looked into the code (because of WordFence moaning about it), and wanted to debunk it so we all can sleep (a little) better. :-)
Forum: Plugins
In reply to: [All In One Favicon] CRITICAL > Security Threat | Plugin abandoned?
I have looked into the code (and it looked back, jk)
I’d consider this somewhere between a non-issue and “well, it’s not nice, but it still is a non-issue”.
I’d assume, the problem they mention is this block in the mentioned method.
It has files deleted that come from $_POST and have a certain format. The method that actually deletes is here and it checks if the file is within the upload folder:
Well, you could only exploit this issue when you are an administrator and logged in. Contrary to the report you linked, you could NOT delete “any” file in your WP installation. You can only do so within your upload folder. And well, you can do this as well using WP’s media library when you’re admin.
So well. I guess this could be improved. But at the moment, I don’t see a show stopper here.
Forum: Plugins
In reply to: [All In One Favicon] vulnerable to Directory Traversal – critical threat
I have looked into the code (and it looked back, jk)
I’d consider this somewhere between a non-issue and “well, it’s not nice, but it still is a non-issue”.
I’d assume, the problem they mention is this block in the mentioned method.
It has files deleted that come from $_POST and have a certain format. The method that actually deletes is here and it checks if the file is within the upload folder:
Well, you could only exploit this issue when you are an administrator and logged in. Contrary to the report you linked, you could NOT delete “any” file in your WP installation. You can only do so within your upload folder. And well, you can do this as well using WP’s media library when you’re admin.
So well. I guess this could be improved. But at the moment, I don’t see a show stopper here.
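
The kind of containment check the two All In One Favicon replies describe (a file name taken from `$_POST` is deleted only if it resolves inside the upload folder) can be written as below. This is an added example, not the plugin's code and not part of the original posts; `resolve_inside()` and the temporary directory layout are hypothetical and constructed for the demonstration.

```php
<?php
// Added example, not the plugin's code. All names here are hypothetical.

/**
 * Return the canonical path of $candidate if it is an existing regular file
 * located inside $baseDir, otherwise null.
 */
function resolve_inside(string $baseDir, string $candidate): ?string
{
    $base = realpath($baseDir);
    $real = realpath($candidate); // resolves "..", "." and symlinks; false if missing
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    // Compare against the base WITH a trailing separator, so that a sibling
    // such as ".../uploads-old/x" is not accepted as ".../uploads/x".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed sandbox standing in for an upload folder and its neighbours.
$root    = sys_get_temp_dir() . '/containment-demo-' . getmypid();
$uploads = $root . '/uploads';
mkdir($uploads, 0700, true);
mkdir($root . '/uploads-old', 0700);
$files = ['/uploads/favicon.ico', '/uploads-old/favicon.ico', '/config.php'];
foreach ($files as $f) {
    file_put_contents($root . $f, 'x');
}

// Constructed request values, as they might arrive in a form field.
$requests = [
    'favicon.ico',                // inside the upload folder
    '../config.php',              // escapes via ".."
    '../uploads-old/favicon.ico', // sibling folder sharing the name prefix
    'missing.ico',                // does not exist
];
foreach ($requests as $name) {
    $target = resolve_inside($uploads, $uploads . '/' . $name);
    // A delete handler would call unlink($target) only when $target is not null.
    printf("%-28s %s\n", $name, $target === null ? 'rejected' : 'allowed');
}

// Clean up the sandbox.
foreach ($files as $f) {
    unlink($root . $f);
}
rmdir($uploads);
rmdir($root . '/uploads-old');
rmdir($root);
```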