holas84

Ah. Cool. Cool. You’re not seeing any issues with it on the frontend, right? Those are just very low level deprecation notices that shouldn’t cause any actual breakage of the site. In fact, you shouldn’t even see these at all unless you’re forcing debug mode to be on. So that’s good. I was worried for a minute.

I’ve now fixed these up and will include the updated code in the next release of the plugin. Thanks so much for letting me know!

Can you share those javascript warnings? I’m not currently aware of any warning and I’d be happy to fix them up ASAP for you.

Thanks so much, Carrie. First off, I’m sorry about that bug. That was completely my fault, but I sure am thankful that you gave us the opportunity to get that fixed up for you. And I’m glad that we were able to git ‘er done. Rock on, my friend!

We found out about this just over 2 hours ago and started working frantically on a solution. We have now patched both the vulnerability and have made it so that any affected sites will be automatically fixed immediately upon installing 3.5.3. We just published this version about 10 minutes ago that will immediately fix this issue. It won’t be available until WordPress reviews the new version and reactivates the plugin.

In the mean time, you can get the fixed version directly from our website here:
https://warfareplugins.com/updates/social-warfare/social-warfare.zip

We are super upset and distressed about this, as I’m sure you can all imagine. Hackers suck and it’s horrible that we live in a world where people do this. But at the end of the day, it was still our fault for having the vulnerability for them to be able to take advantage of. We’re more sorry about this whole ordeal than any of you could possibly imagine, and we’re thankful for a lot of the support and wonderful kindness that the vast majority of you have sent our way during this.

By the way, I’m fairly certain that your X-Frame-Options being set to Deny will break the built in framing features of WordPress like the Customizer page under the Appearance settings. At the very least, I imagine you would want to set it to SAMEORIGIN wouldn’t you?

Both of those alternate methods that you recommend will block the visitor from gaining access to your site at all. The purpose of having a site, is to get the user onto the site to view your content. Therefore, both of those methods defeat the entire purpose of having a site.

The methods that our plugin use redirect the user off of the framing site’s domain and directly onto your content. This allows content marketers who are using content to call people to action, to get users to see their content without foreign calls to action.

The extra bit for Start A Fire, is because they don’t frame sites. They literally scrape your page, hijack the HTML from it, inject their own stuff directly into the page’s HTML, and then serve your html combined with theirs from their own Proxied IP address. Therefore there is no frame to detect.

However, I was able to find a piece of header meta data that they use so that when I detect it, I can forward users off of their proxied content and back onto your site.

Essentially, the rest of the plugin simply checks for one thing. It checks to see if the frame is originating from the same domain. If it is, like on the options page of the WordPress dashboard (The Customizer) then we assume it’s a good frame. If it’s from a different domain, we redirect the user onto your site.

If that logic doesn’t suite your needs, then our plugin is probably not the solution that you’re looking for.

Nah, I figured it out and just pushed out an update that fixes it. It was just a directory issue that I needed to fix up. You should no longer see that error message upon activation now.

KonaGirl, that was my fault, sorry about that. For some reason there was an extra folder with another copy of the plugin inside of it. I just deleted that folder and that error should be completely gone now. Sorry for the hassle and sorry for not seeing this until now.

So get_option(wpurl) doesn’t work?

Alright. I’ll get it fixed within the next hour. Thanks for the help.

I think that I now have that fixed. I’ll have it udated in the directory in about 15 minutes. We’ll call it 1.1.1 so when you see that version you’ll see that it’s been updated. Thanks for helping me find that.