Forum Replies Created

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter yoni y

    (@yoni-y)

    Sure thing.
    I was trying to look if you have a GitHub repo to send pull requests but I couldn’t find it.

    Thread Starter yoni y

    (@yoni-y)

    Hi @mattyrob
    This issue doesn’t really affect me personally as I already patched my subscribe2 code.
    Not sure if the lockout mechanism is good enough, as there should be some maximum limit to how many times an address can be subscribed.

    Also, 1 hour is hardly enough of a block time (I see subscribe attempts 4 hours apart).

    I’m pretty sure this is a targeted attack specifically targeting subscribe2 installs so it’s better to enable the locking mechanism by default (and allow users to modify it in the settings).

    Thread Starter yoni y

    (@yoni-y)

    Bummer.
    Would you care for a pull request or is it a feature you don’t want to add in?

    Thread Starter yoni y

    (@yoni-y)

    Thank you for replying Weston.
    I was actually wondering if there is some generic shortcode already built in with the plugin like [amp-only] [amp-exclude] so I won’t have to add them myself.

    Thread Starter yoni y

    (@yoni-y)

    Hi Mike, thank you for your reply.
    I’ve opened a ticket in core - https://core.trac.www.ads-software.com/ticket/32482#ticket

    I think explaining the general security issues with direct access to php include files might be a bit too complex for me to explain in this forum (but I’m sure there are some explanations about this issue online).

    As with most security best practice there might not be any way to exploit this issue at the moment, but it’s better to take preventive action and block access where it is not needed than to wait for someone to exploit the system.

    Thread Starter yoni y

    (@yoni-y)

    oh I wish I could remember what those changes were ??
    (I think there were some js issues and I made some changes on my local version but I’ll need to check).

    You can email me to any address in the domain non.co.il

    Thread Starter yoni y

    (@yoni-y)

    sorry just noticed the lines are actually 106-107 and not 105-106

    Thread Starter yoni y

    (@yoni-y)

    Ok.
    So of course disabling the plugins didn’t work.
    (the bug stays when all other plugins but the wpml are disabled,
    and disabling the wpml plugin makes the entire translated blog inaccessible).

    But for some reason disabling other plugins got wordpress to spit out a bunch of notices related to the tag data.
    So after about two hours of hacking at the code I figured out what’s going wrong.

    Apparently WPML calls its “tax_permalink_filter” twice on tags.
    This adds the /en/en.

    The reason for it is that WPML adds the filter both for tag_link and term_link, and I guess something has changed in wordpress 3.1, since looking at the taxonomy.php you can see that now (I’m not sure about before, but since this bug is new I guess it was different) all links get the term_filter and their own filter, lines 2867 – 2872 ->
    if ( 'post_tag' == $taxonomy )
        $termlink = apply_filters( 'tag_link', $termlink, $term->term_id );
    elseif ( 'category' == $taxonomy )
        $termlink = apply_filters( 'category_link', $termlink, $term->term_id );
    return apply_filters('term_link', $termlink, $term, $taxonomy);

    So what I did for now is comment out line 105, which adds the filter to the tag link in the wpml file sitepress.class.php, lines 105-106 ->
    //add_filter('tag_link', array($this, 'tax_permalink_filter'),1,2);
    add_filter('term_link', array($this, 'tax_permalink_filter'),1,2);

    I don’t think this will cause any other problems, but I don’t understand how nobody else using the wpml has the same problem as I do.

    Thread Starter yoni y

    (@yoni-y)

    The problem is that if I deactivate the wpml theme,
    I don’t think this section of the site will work at all because
    there won’t be any multilingual support any more.

    I will try to deactivate all the other plugins,
    but I find it hard to believe they have anything
    to do with it since I have nothing relevant to the tag cloud.
