WordPress.org

Ready to get started?Download WordPress

Forums

Kimili Flash Embed
[resolved] security / swfobject.js in WP newer than Google (7 posts)

  1. kitchin
    Member
    Plugin Contributor

    Posted 2 years ago #

    Thanks for this plugin. I have 2 fixes:

    1. Most important, WP 3.3.2 is shipping with an updated swfobject.js (version 2.2-20120417) which has a possible security fix patched onto the 2.2 version provided Google and this plugin. This is especially important because the plugin deregisters the better WP version. Development of Swfobject 2.3 seems to be on Github, not at Google. The diff here: http://core.trac.wordpress.org/changeset/20499 is the diff between the older Google version and the newer WP version, and the issue may be IE9-only.

    2. Some warning notices when in WP_DEBUG mode.

    Notice: wp_deregister_script was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or init hooks.
    Notice: wp_enqueue_script was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or init hooks.
    Notice: has_cap was called with an argument that is deprecated since version 2.0! Usage of user levels by plugins and themes is deprecated. Use roles and capabilities instead.

    I have a patched version of the plugin I will post here.

    http://wordpress.org/extend/plugins/kimili-flash-embed/

  2. kitchin
    Member
    Plugin Contributor

    Posted 2 years ago #

    My fixes are in this version of kml_flashembed.php :
    http://pastebin.com/VTB4UxSg

    The diff is indicated by comments in the code.

  3. Kimili
    Member
    Plugin Author

    Posted 2 years ago #

    Thanks for finding these issues, Kitchin. I'll roll them into the plugin, test it out and release an update as time allows.

  4. kitchin
    Member
    Plugin Contributor

    Posted 2 years ago #

    Thank you for your plugin, it has saved me a lot of time.

  5. kitchin
    Member
    Plugin Contributor

    Posted 2 years ago #

    Found one bug in my code. New version is 2012/05/28, fix is at line 55.

    http://pastebin.com/VTB4UxSg

  6. kitchin
    Member
    Plugin Contributor

    Posted 2 years ago #

    Ah, found another one. One javascript is admin-only, the other is public only. Each should now be enqueued correctly.

    http://pastebin.com/VTB4UxSg
    ver. 2012/05/29

  7. Kimili
    Member
    Plugin Author

    Posted 2 years ago #

    Thanks again, Kitchin. I've just tagged a new release (2.3) which incorporates a modified version of your updates.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic