jimisaacs

BTW, did anyone look at the first screenshot? I heard no mention of the padding in that one. There are 3 text menu items there, not 1. “Performance” | “CloudFlare” | “SEO”

As for this thread. Yes I think it’s getting a little TLDR. I was just reporting a problem with the current design, that’s it. To be honest I don’t really know why I am reading about the reasons of how it’s better than it was before.

There are many different routes to fix this, and whether or not this thread turns into a discussion about all those possibilities, or a debate as to whether it will be left alone. I think I’m done here.

Thanks.

https://dl.dropboxusercontent.com/u/2417799/Screen%20Shot%202013-12-04%20at%207.37.08%20PM.png

https://dl.dropboxusercontent.com/u/2417799/Screen%20Shot%202013-12-04%20at%207.30.23%20PM.png

Just to be sure we are talking about the same thing. I am talking about the horizontal header admin bar. I have not seen a gear for plugin defined menus in this location.

Ok followup on the last comment, this is not the plugin we are discussing, but this one https://www.ads-software.com/extend/plugins/wp-downloadmanager/

@rwilki Thanks for the link, this one https://osvdb.org/show/osvdb/92119 in particular caught my eye as the disclosure date was yesterday. I was thinking a hacker may have exploited a vulnerable link (or many of) on my site and caused a server overload, this is again just speculation by me.

I’m sorry, but I’m not an ignoramus. The biggest download on my site is 2MB. Not huge. I haven’t added a new download in 3 years.

I think I need to copy and paste what I wrote at the beginning of this thread, “Hello, I recently installed this plugin to replace Download Monitor that I’ve used for a few years now.”

All this happened only after I changed to Download Manager. Nothing really in download sizes from one plugin to another. But one caused a server overload some how, and another did not.

I have enabled the plugin again, and it is being monitored by my hosting provider, so I should be able to update this thread with more info if the same thing happens again.

Shaon,

Thanks for the reply. I received a response, but unfortunately it’s pretty general at the moment. To summarize, they said the wp-content/plugins/download-manager/process.php script was causing a server overload (I’m also on shared hosting). They couldn’t give me anymore information, but I replied asking for more if possible, I even referenced this thread in the ticket.

I’m still trying to get more specifics out of them. Everything I’ve said and looked for so far is just speculation by me. I’ll update this thread when I get something more concrete from them.

I have to be honest, if this is the first 20 lines of code I see, I’m pretty worried about the rest of this plugin.

I finally took a closer look at this file, and it’s pretty open.

There is no nonce in use here, and I see a possible mysql injection vulnerability here:
$data = $wpdb->get_row(“select * from ahm_files where id=’$id'”,ARRAY_A);

It also outputs full file paths on error for example:
die(“".dirname(__FILE__).'/cache/ is missing!’ );

This is just in the top 20 lines.

There is a ticket for the idea of the original concept of this thread in the trac.

I am pretty sure WordPress does not support the kind of setup you described in the first scenario, and anyone please correct me if I’m wrong.

Try something like this instead:

root/Blog/index.php
root/Blog/.htaccess
root/Blog/wp/[all-other-wordpress-files]

U mean update an empty .htaccess file back to the server?

Yes, you can simply rename the .htaccess file to htaccess.txt then see if that that fixes the error.