Insecure inclusion of file and rant about support forum

[aschne]

Hi,

after updating to 4.3.1 the following error message pops up in my WordPress pages:

Warning: file_get_contents() [function.file-get-contents]: http:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /my-path-to-wp-content/plugins/ultimate-tinymce/includes/jwl_rocket.php on line 21

Warning: file_get_contents(http://www.soizastudios.com/rocket/output.txt) [function.file-get-contents]: failed to open stream: no suitable wrapper could be found in /my-path-to-wp-content/plugins/ultimate-tinymce/includes/jwl_rocket.php on line 21

It seems that you have not used relative links in getting some input file in a insecure way! I will definitely not change my server configuration.

Although it is a mystery to me why you would include that file from Soizastudios.

Could you please fix this asap?

BTW, the above message could not be posted on your support forum because Akismet regarded this as a SPAM message. #epic-fail

Best
Alex

http://wordpress.org/extend/plugins/ultimate-tinymce/

[Josh]

Hello aschne, and thank you for your message!

Well, the included file is a test file we are going to use for implementing a new feature called “Visual QR Codes”. We have been contacted by a company who is breaking ground on this new type of QR code… and we want to be the first to bring it to WP, via our plugin.

There is a HUGE API which we must learn and implement into the plugin, in order to make this work successfully. So, it will be a work on progress over the next couple of updates. I will certainly take another look at the code and make sure I am including it properly.. and only when needed.

Regarding the forum… I apologize. It’s probably because I am using forum software from the 1980’s ;). If you try again after 20 minutes or so… you should be able to post fine. This is a small “glitch” I have yet to find in the source code.

I will post back as I make some progress with this.

Again.. Thank you!

[Josh]

Okay. Please re-install version 4.3.1 and see if that fixes the warning.

Again.. thank you VERY much for bringing this to my attention.

[aschne]

Hi Josh,

thanks, the bug is fixed in version 4.3.1.1.

I want to thank you for providing such a useful plugin and I know that this is a huge commitment in time and energy from your side.

Unfortunately the feature creep in your plugin is something that I do not need and the cross-effects of adding functionality seems to hurt the stability.

I am sad that I have made the decision to go for another TinyMCE plugin which just provides the TinyMCE editor and almost nothing else.

I value stability much higher than additional features.

I wish you all the best for the future.

Take care
Alex

[Josh]

I completely understand Alex… and I’m very sorry to see you go.

The only thing I can say is this is open-source software. It is not a premium software where you are paying for stability or security… although I highly value both!

Being so… as I am human… mistakes sometimes do happen. I have nothing but the best intentions for my users… always and forever!

With each decision I make with the plugin… I am pleasing some… while angering others.. lol. It’s just like the old saying… you can please some of the people all of the time… all of the people some of the time… but you can never please all of the people all of the time 🙂

Here is what we are attempting to do with the visual qr code:
http://www.visualead.com

And here is a simplified example:
http://www.qrstuff.com/blog/2013/02/10/qrstuff-qr-codes-go-visual

It is really cool stuff… and new 🙂

So… if there is anything I can do to keep you as a satisfied user.. please let me know. And… either way… I wish you much success in your online endeavors!