Me
Forum Replies Created
-
Forum: Plugins
In reply to: [Cleverwise Daily Quotes] Temporarily closedForum: Plugins
In reply to: [Cleverwise Daily Quotes] Temporarily closedIf you want the newly patched version:
1) Go to https://www.cyberws.com
2) On the contact page select “WordPress Plugin Suggestion”
3) Simply let me know through that form that you want the latest version.
4) Obviously fill out the form with your email.
I’ll send you an email with the files. You just need to upload the files to your plugin directory/folder and overwrite the old files.
You may need to add support at cyberws dot com to your white list. Or at least check your spam/junk folders for a day or so as my response may end up in that area.
I appreciate all your support community!
I was told I had not modified the code to address XSS. I did indeed if they would actually review the code! In version 3.4 there are tokens generated that are embedded into the forms and links. The server stores a matching key.
I did not use cookies because often a cookie code will be added automatically by a browser to even malicious links. The token even resets on every access of the main plugin page (where no deleting or updating can occur). Thus eliminating an attacker’s ability to just grab a previous key and try to feed that into some malicious call.
A key embedded into the page that rotates is the proper way to deal with XSS attackers but WP rejects this so, whatever. WP has a history of not following proper security themselves (Google/Bing/DuckDuckGo WP’s poor security record). Anyway I can’t say I am surprise they fail to understand this concept.
I don’t have the time to jump through all their unfriendly hoops.If for some reason WP decides to play better, which I doubt, I will return to this plugin publicly.
Cheers,
JeremyForum: Plugins
In reply to: [Cleverwise Daily Quotes] Temporarily closedThe WP team rejected the accepted token practice and thus refuses to turn the plugin back on. So I am now officially abandoning any further public development.
I now consider this matter closed due to WP’s anti-developer stance.I appreciate the interest in this plugin and hope it has served you well and good luck with future endeavors.
Cheers,
JeremyForum: Plugins
In reply to: [Cleverwise Daily Quotes] Temporarily closedYou are fine on your version. I agree the issue needed patching but the risk was very minor. There were never any examples of real world attacks.
1) You would need to be logged into your site.
2) Visit another website that say had the delete form on it.
3) You were tricked and clicked the delete button on that site it could send a delete request to your server to delete data.
So you have to be tricked into thinking you are on your website when you are on someone else’s. You also must be logged into WP or the attack fails.
Therefore if you pay attention and don’t get confused that you are on another site to manage your daily quotes no risk. However the latest version will stop that even if you aren’t paying attention. So again low risk but yeah technically a security issue.
Cheers,
JeremyForum: Plugins
In reply to: [Cleverwise Daily Quotes] Temporarily closedI have released version 3.4 which patches the issue. The new code is now in the WP system. I sent an email to the WP team to reopen the plugin. We shall see how fast that goes.
I will post again when the plugin has been turned back on or if they deny the request.
Cheers,
JeremyForum: Plugins
In reply to: [Cleverwise Daily Quotes] Temporarily closedOkay I started the patch and have security tokens being generated. The code is in place to check for mismatches between two tokens. This will stop any cross site scripting attacks (which would be so rare).
I now need to add the security token to all links and form submissions. I should have this done by Monday and will then submit to the WordPress team for a review and hopefully reactivation.
I can’t say how long that will take but will post here again when I have submitted the code. I appreciate your patience as life called me to other duties.
Cheers,
JeremyForum: Plugins
In reply to: [Cleverwise Daily Quotes] Temporarily closedThank you. I did start working on a patch. I need to get it fixed this Jan 2024 for multiple reasons. I will work on getting it uploaded to WP and shall see if they will unlock the plugin. I will post back to this thread.
- This reply was modified 11 months ago by Me.
Forum: Plugins
In reply to: [Cleverwise Daily Quotes] Temporarily closedHello. I understand. I will fix this error in a week or so. Unfortunately at this time I am moving countries and just don’t have the time to work on this so for a bit this will have to remain the case. It will be fixed though.
Cheers,
JeremyForum: Plugins
In reply to: [Cleverwise Daily Quotes] Bulleted listYou can use both but not in the same quote area. You of course may have multiple quote areas/sections on your page.
You have to think through your layout. If you are going to have same number of 1, 2, 3, 4, 5 on every day then you could probably do it all in a single multiquote section.
However I do not know your total layout so you need to think it through as you know what you want and not me.Forum: Plugins
In reply to: [Cleverwise Daily Quotes] Bulleted listGood deal.
I am not sure what you did but each quote has its own unique area for a template/theme.
Since your setup is not a standard one I would put the necessary theme/template for each quote section into its custom override.
Then add back the default theme into the “Settings” area.
As for changing image that is possible if you make it part of the quote or another quote area even if it doesn’t look like a quote. Review multipart quotes too.Forum: Plugins
In reply to: [Cleverwise Daily Quotes] Bulleted listWhat I would do is put a quote like this:
<li>1. Day 1 First point</li><li>2.
Day 1
Second point</li><li>3.Day 1
Third point</li><li>4.Day 1
Fourth point</li>%%<li>1. Day 2 First point</li><li>2.Day 2
Second point</li><li>3.Day 2
Third point</li><li>4.Day 2
Fourth point</li>%%<li>1. Day 3 First point</li><li>2.Day 3
Second point</li><li>3.Day 3
Third point</li><li>4.Day 3
Fourth point</li>In the code for the quote template:
<ul><li>Test</li>{{quote}}</ul>
Forum: Plugins
In reply to: [Cleverwise Daily Quotes] Skip weekendsThe plugin does not skip days but you could for Sundays (every seventh day) just show a blank. So six entries blank, another six blank, etc.
Forum: Plugins
In reply to: [Cleverwise Daily Quotes] is there a way to start from the day i wantThe start date is whatever the current day is when you setup the quote section. So if it is Feb 12 that is start date. If it is Mar 28 that is the start date.
Therefore when you add your content the current day you added the section will begin the 30 day content.Forum: Plugins
In reply to: [Cleverwise Daily Quotes] add internet links to dailies?You will need to change the separator from enter/return to something like %break%
Otherwise the plugin will think each return is a new quote and that will mess up things.Forum: Plugins
In reply to: [Cleverwise Daily Quotes] add internet links to dailies?Yes. Full html is supported.