WordPress.org

1. enderandrew
   Member
   Posted 2 years ago #
   

   FeedWordPress calls ?update_feedwordpress=1 which breaks with this

   http://wordpress.org/extend/plugins/bulletproof-security/

2. AITpro
   Member
   Plugin Author
   Posted 2 years ago #
   

   Ok thanks for the heads up. I'll put this plugin on my testing list. Try this htaccess fix and see if it works.

   # FeedWordPress - possible fix - pending verification
   RewriteCond %{QUERY_STRING} update_feedwordpress=(.*) [NC]
   RewriteRule . - [S=30]

   This has a very slim chance of working because the word "update" is blocked in the SQL Injection filter. If you remove "update" from the SQL Injection filter then it will most likely solve the problem, but do this at your own risk. Once i have a chance to do some testing I will hopefully be able to come up with a better solution that does not leave a possible security vulnerability on your site. Thanks.
   Ed

3. enderandrew
   Member
   Posted 2 years ago #
   

   Thanks! That worked.

4. AITpro
   Member
   Plugin Author
   Posted 2 years ago #
   

   Did the htaccess Skip rule work? Or did you have to remove "update" from the SQL Injection Filter? Thanks.
   Ed

5. enderandrew
   Member
   Posted 2 years ago #
   

   I made both changes. Testing them individually, it looks like either will work.

6. AITpro
   Member
   Plugin Author
   Posted 2 years ago #
   

   Awesome! Now that is a nice surprise. :) Ok the skip rule is the one you want to use so you should leave "update" in the SQL Injection Filter, which I'm sure you did. "Update" is definitely an SQL word / command that you want to filter. Thanks!!!
   Ed

Topic Closed

This topic has been closed to new replies.