[Plugin: BulletProof Security] Breaks FeedWordPress | WordPress.org

Resolved enderandrew
(@enderandrew)

15 years, 2 months ago

FeedWordPress calls ?update_feedwordpress=1 which breaks with this

http://wordpress.org/extend/plugins/bulletproof-security/

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author AITpro
(@aitpro)

15 years, 2 months ago
Ok thanks for the heads up. I’ll put this plugin on my testing list. Try this htaccess fix and see if it works.
```
# FeedWordPress - possible fix - pending verification
RewriteCond %{QUERY_STRING} update_feedwordpress=(.*) [NC]
RewriteRule . - [S=30]
```
This has a very slim chance of working because the word “update” is blocked in the SQL Injection filter. If you remove “update” from the SQL Injection filter then it will most likely solve the problem, but do this at your own risk. Once i have a chance to do some testing I will hopefully be able to come up with a better solution that does not leave a possible security vulnerability on your site. Thanks.
Ed
Thread Starter enderandrew
(@enderandrew)

15 years, 2 months ago

Thanks! That worked.

Plugin Author AITpro
(@aitpro)

15 years, 2 months ago

Did the htaccess Skip rule work? Or did you have to remove “update” from the SQL Injection Filter? Thanks.
Ed

Thread Starter enderandrew
(@enderandrew)

15 years, 2 months ago

I made both changes. Testing them individually, it looks like either will work.

Plugin Author AITpro
(@aitpro)

15 years, 2 months ago

Awesome! Now that is a nice surprise. 🙂 Ok the skip rule is the one you want to use so you should leave “update” in the SQL Injection Filter, which I’m sure you did. “Update” is definitely an SQL word / command that you want to filter. Thanks!!!
Ed

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘[Plugin: BulletProof Security] Breaks FeedWordPress’ is closed to new replies.

5 replies
2 participants
Last reply from: AITpro
Last activity: 15 years, 2 months ago
Status: resolved