WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Breaks FeedWordPress (6 posts)

  1. enderandrew
    Member
    Posted 3 years ago #

    FeedWordPress calls ?update_feedwordpress=1 which breaks with this

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    Ok thanks for the heads up. I'll put this plugin on my testing list. Try this htaccess fix and see if it works.

    # FeedWordPress - possible fix - pending verification
    RewriteCond %{QUERY_STRING} update_feedwordpress=(.*) [NC]
    RewriteRule . - [S=30]

    This has a very slim chance of working because the word "update" is blocked in the SQL Injection filter. If you remove "update" from the SQL Injection filter then it will most likely solve the problem, but do this at your own risk. Once i have a chance to do some testing I will hopefully be able to come up with a better solution that does not leave a possible security vulnerability on your site. Thanks.
    Ed

  3. enderandrew
    Member
    Posted 3 years ago #

    Thanks! That worked.

  4. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    Did the htaccess Skip rule work? Or did you have to remove "update" from the SQL Injection Filter? Thanks.
    Ed

  5. enderandrew
    Member
    Posted 3 years ago #

    I made both changes. Testing them individually, it looks like either will work.

  6. AITpro
    Member
    Plugin Author

    Posted 3 years ago #

    Awesome! Now that is a nice surprise. :) Ok the skip rule is the one you want to use so you should leave "update" in the SQL Injection Filter, which I'm sure you did. "Update" is definitely an SQL word / command that you want to filter. Thanks!!!
    Ed

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic