base64 fix for compatibility with updated Block Bad Queries plugin

  • Fred Chapman

    (@fwchapman)


    11 years, 5 months ago

    Thanks for this excellent plugin! I find it very helpful.

    The related plugin Block Bad Queries (BBQ) recently had a major upgrade and now identifies many more kinds of malicious URL requests. Unfortunately, Ultimate Security Checker (USC) 2.7.8 does not detect the enhanced protection provided by the BBQ upgrade. USC incorrectly warns that the site is vulnerable to malicious URL requests, even though it is actually protected by BBQ.

    I have examined the code for both plugins and identified the problem: the upgraded BBQ plugin now searches for the substring base64_ of the standard PHP function names base64_encode and base64_decode, whereas as USC generates a test URL containing the substring base64(. Of course, this substring will not be found by BBQ, thereby generating a false positive in USC.

    This can be easily fixed by modifying line 703 of the securitycheck.class.php file for the USC plugin:

    'base64' => $this->gen_random_string(50).'base64('.$this->gen_random_string(50)

    Simply change base64( to base64_ to enable USC to recognize the protection provided by the new and improved BBQ.

    Would you be willing to incorporate this fix into a future version of USC? That would be extremely helpful!

    Thank you so much,

    Fred Chapman

    http://wordpress.org/extend/plugins/ultimate-security-checker/

Viewing 5 replies - 1 through 5 (of 5 total)
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘base64 fix for compatibility with updated Block Bad Queries plugin’ is closed to new replies.