WordPress.org

Ready to get started?Download WordPress

Forums

[Plugin: TDO Mini Forms] SECURITY WARNING: Personal files deleted (3 posts)

  1. adam.codefor
    Member
    Posted 5 years ago #

    I have the TDO Mini Forms plugin on a blog that I have installed locally using WAMP. I went to delete a post (using the wordpress CMS) and up came a page of errors from TDO Mini Forms php files. The next thing I noticed was my music stops playing - on further inspection all my documents files have been DELETED only the folders remain. This has really messed up a lot of things for me and I a certain this plugin is to blame, for a plugin to remove and perminantly delete personal files is totally unaceptable.

    I did not manage to note any of the bugs as I closed my browser page before I noticed all my personal files had been deleted. An explanation as to how this could happen and any help on getting my delted files back would be appriciated, I estimate around 40 gig of music files alone was deleted and they don't appear in my recyle bin.

  2. adam.codefor
    Member
    Posted 5 years ago #

    Wondering if the same might happen when its uploaded to my web space. Is there any risk of it deleting files there aswell??

    This really needs to be addressed

  3. the_dead_one
    Member
    Posted 5 years ago #

    I am aware of the problem and I've already created a fix but I haven't fully tested the release enough. Will be avaliable tomorrow.

    This problem only occurs on Windows hosts (where the directory separator in file path names is '\'). It should not affect Linux or Unix hosts (i.e. the vast majority of hosts).

    I've posted to the wp-hackers list about the cause of it:

    http://comox.textdrive.com/pipermail/wp-hackers/2009-February/024603.html

    Additional information at these links (some of which should be avaliable from the dashboard of TDO Mini Forms inside WordPress' admin as well):

    http://thedeadone.net/forum/?p=1438
    http://thedeadone.net/forum/?p=1668
    http://thedeadone.net/blog/warning-about-using-tdo-mini-forms-on-windows-hosts/

    And the comment thread on

    http://thedeadone.net/blog/a-christmass-gift-to-all-tdo-mini-form-users/#comments

Topic Closed

This topic has been closed to new replies.

About this Topic