Hi,
I’ve just looked a little further into this to help with the code fix.
I propose that lines 28-41 of stop-user-enumeration.php are changed to:
if ( ! is_admin() && isset($_SERVER['QUERY_STRING'])){
if(preg_match('/(wp-comments-post)/', $_SERVER['REQUEST_URI']) === 0 ) {
if (!empty($_POST['author'])) {
ll_kill_enumeration();
}
}
if(preg_match('/author=([0-9]*)/', $_SERVER['QUERY_STRING']) === 1)
ll_kill_enumeration();
}
I’ve made three changes here:
- Add an
isset() check at line 1 of the above snippet to avoid ‘undefined index’ error messages when there is no query string (e.g. we’re most likely running from CLI)
- Remove duplicate nested
is_admin() check – this shouldn’t be required.
- Remove duplicate call to
add_filter() – this is already performed outside of the if statement on line 43.
Can you please review these changes and consider merging them into your plugin? I believe they’ll fix the CLI warnings bug, plus clean up the code by removing some duplication.
Feedback welcome.
Thanks
