jasonpomerleau
Forum Replies Created
-
Here are the details of the vulnerability:
I believe the correct fix is to update line 346 of /postman-smtp/Postman/Postman-Email-Log/PostmanEmailLogController.php as follows:
value=”<?php echo htmlspecialchars($_REQUEST[‘page’]) ?>” />
Also possibly helpful: the login form works fine. It’s just the password reset.
Yes, password reset works fine from the default WP screens/theme.
Folder reconfiguring was done via this set of items in wp-config.php
define(‘WP_SITEURL’, ‘https://’ . $_SERVER[‘SERVER_NAME’] . ‘/wp’);
define(‘WP_HOME’, ‘https://’ . $_SERVER[‘SERVER_NAME’]);
define(‘WP_CONTENT_DIR’, $_SERVER[‘DOCUMENT_ROOT’] . ‘/app’);
define(‘WP_CONTENT_URL’, ‘https://’ . $_SERVER[‘SERVER_NAME’] . ‘/app’);I’m open to hard-coding the correct URL to test – just need a rough pointer of where to modify it in the plugin code.
Forum: Developing with WordPress
In reply to: Enqueuing scripts with URL Parameters?Thanks everyone. The snag here is the the URL parameters are dynamic. I think I’m going to have to use wp_deresgister_script before each wp_enqueue_script for this. If I understand the docs correctly, re-enqueuing ignores any new parameters supplied (including changing the src argument).
<script src="https://somesource/script.js?entityID=12345"></script>
<script src="https://somesource/script.js?entityID=67890"></script>Forum: Developing with WordPress
In reply to: Enqueuing scripts with URL Parameters?I should add that each widget I embed will require different URL parameters.