WordPress.org

Ready to get started?Download WordPress

Forums

LeagueManager
[resolved] Please notify when you fix the bug (8 posts)

  1. tpdoo
    Member
    Posted 1 year ago #

    I have a new WordPress site and I just tried to load this plugin (LeagueManager) and it took the site completely down. I had to remove the plugin folder for leaguemanger from FTP to get my site back up.

    Please advise when this bug will be fixed. Am looking forward to trying this plugin as I think it may be the perfect solution to a little league schedule of 9 different divisions. Thank you.

    http://wordpress.org/extend/plugins/leaguemanager/

  2. kteddiey
    Member
    Posted 1 year ago #

    Having the same problem, please fix this bug......

  3. julyprum
    Member
    Posted 1 year ago #

    my site was taken down too after activating... this is my erro:

    Fatal error: Call to undefined function wp_get_current_user() in /home/content/XX/XXXXXXXX/XX/XX/XXXXXXXXX/wp-includes/capabilities.php on line 1281

  4. yourih
    Member
    Posted 1 year ago #

    same problem here please fix it!!

  5. LaMonte Forthun
    Member
    Plugin Author

    Posted 1 year ago #

    There have been a couple of solutions to the problem if you look at the forum list...

    Here's what I did, which is slightly different than those solutions, but keeps the author's intended user check in place:

    In the file leaguemanager.php, change the following lines (it's the last line of the file):

    line 6:
    Version: 3.8
    to
    Version: 3.8.1

    line 101:
    $this->__construct();
    to

    //Security, check if current user is allowed to manage leagues
    
    	        if ( !current_user_can( 'manage_leagues' ) ) :
    	             echo '<p style="text-align: center;">'.__("You do not have sufficient permissions to access this page.").'</p>';
    	        else :
    	            $this->__construct();
    	        endif;

    Line 532:
    $lmLoader->adminPanel->export($_POST['league_id'], $_POST['mode']);

    to:

    $lmLoader->adminPanel->export((int)$_POST['league_id'], $_POST['mode']);

    Change those lines and you'll update the version to 3.8.1 and get rid of the update notice, you'll fix the exploit per a security firm's suggestion and you'll keep the check that was placed on the lmloader to ensure the user is allowed to manage leagues.

  6. tpdoo
    Member
    Posted 1 year ago #

    How about just reverting back to the old version till they work out this bug?

    SOLUTION: Revert back to previous version (version 3.8) until author can address the latest release issue.

    Here is the link for previous verion: http://downloads.wordpress.org/plugin/leaguemanager.3.8.zip

    I did this and am working in it just fine now. Concerned about not being able to update... but hope the author fixes soon.

  7. LaMonte Forthun
    Member
    Plugin Author

    Posted 1 year ago #

    The problem with reverting to 3.8 is that the update fixes a serious security exploit that has been identified and posted on a number of sites. Once it's made public like that the hackers will get out and find sites that haven't fixed it.

    At the very least, change line 532 in leaguemanager.php (listed above), so that the security problem is resolved...

  8. LaMonte Forthun
    Member
    Plugin Author

    Posted 1 year ago #

    This has been fixed in the most recent revision, 3.8.3

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.