WordPress.org

Register Plus Redux
Removed? (21 posts)

  1. Philip
    Member
    Posted 2 years ago #

    Has Register Plus Redux been removed from the repository?

  2. theonenick
    Member
    Posted 2 years ago #

    Yeah, I am looking for it too for documentation and it isn't even showing up on the developers website... I am not far into my project so if I need to remove it, I am going to. Hopefully an answer comes soon.

  3. Philip
    Member
    Posted 2 years ago #

    A colleague has pointed me to this which may provide the explanation: http://packetstormsecurity.org/files/view/103773/registerplus373-xss.txt

    Phil

  4. theonenick
    Member
    Posted 2 years ago #

    Awesome! Thanks for digging and letting us know.

  5. radiok
    Member
    Plugin Author

    Posted 2 years ago #

    I'm guessing people just kept complaining about that until someone in charge at the plugin repository removed Register Plus Redux. Which is ironic since the same XSS exists in Pie Register and Register Plus, the two plugins RPR replaces... The XSS exploit, as I see it, could be executed on any of the vanilla registration fields, so there's nothing I've done to make a hole, it's a hole that's there with or without Register Plus Redux, so I'm a bit miffed that it's come to this.

  6. Philip
    Member
    Posted 2 years ago #

    Yeah it is strange that it's only gone now. Just found this from November '10: http://www.livehacking.com/tag/register-plus-plugin/

    I'm guessing it's just a case of someone getting round to it...

    @radiok Do you have any plans to get the holes patched and re-submitted to .org at all?

    Cheers,
    Phil

  7. radiok
    Member
    Plugin Author

    Posted 2 years ago #

    It's hard to say, I'm getting frustrated and disappointed with developing for WordPress. I enjoy contributing but find it to be a bit overwhelming, so I guess it's just wait and see for now.

  8. lcool
    Member
    Posted 2 years ago #

    Oh wow, I really was relying on this plugin! It was exactly what I needed, radiok!

    Well, on to the next thing - does anyone know if Cimy User Extra Fields has the same XSS problems?

  9. Nyhm
    Member
    Posted 2 years ago #

    I'd like to offer my encouragement to radiok to continue to support Register Plus Redux -- it's really a great plugin.

  10. Jason Kemp
    Member
    Posted 2 years ago #

    Hi radiok - I have a client who wants to use Redux if the security is sorted. We have had a look and think it's not too big of a job. Perhaps we can help? BTW Register Plus was removed a while back but the Pie one is still on here but has no contact for the author & some notes say it has been abandoned.

  11. tworonin
    Member
    Posted 2 years ago #

    Ok, just so I am not misunderstanding this; @radiok you are stating that this vulnerability has nothing to do with your plugin and exists on a vanilla WP registration page? If this is so, shouldn't this be addressed/fixed within WP itself?

    I'm not trying to dispute what you're saying, I just want to make sure I am not misreading/misinterpreting this issue.

    Also, the sites which report this vulnerability in RPR say that it can be remedied by editing the source to properly sanitize the user input. Has anyone investigated and/or done this yet?

    I hope this can be resolved as this plugin is fantastic and has served me very well.

    Thanks!

  12. dactor12
    Member
    Posted 2 years ago #

    Hello

    I also have the same as dialogcrm status. We have a client and wish to encourage RadioK to continue on development of the plugin. And if interested we are willing to adopt the plugin and take it to the next commercial level.

    Thank RadioK.

    RS

  13. Nyhm
    Member
    Posted 2 years ago #

    @radiok Please consider addressing the input sanitization issue, even though it's consistent with the default WP login/registration (as I understand it to be). Then you could advertise your plugin as being "more secure than WordPress" and become an essential plugin for everyone. Just a thought. Best wishes.

  14. tworonin
    Member
    Posted 2 years ago #

    I'd just like to echo the sentiments expressed here and add my support and encouragement for @radiok to continue development. I'd even be willing to contribute/donate in some way.

    Thanks!

  15. petergus
    Member
    Posted 2 years ago #

    What timing!
    Although I can't seem to find too much about what this plugin does exactly it sounds like what I really need! Numerous blogs around the net all point to you!

    So while I can't contribute code-wise I'm happy to donate! And I do hope the security thing gets sorted out because in fact I used to not care about security until I got hit :D

    subscribing...

  16. computercourage
    Member
    Posted 2 years ago #

    Radiok, more encouragement to keep up the good work and to see this issue resolved. Your plugin is excellent and very valuable to the WP community. We at Computer Courage are interested in helping you, you can contact us at adam@computercourage.com. Let's keep this alive.

  17. rcwatson
    Member
    Posted 2 years ago #

    Radiok, yet another encouragement to re-release Register Plus Redux. I have a need for it on a sub-site of a multi-site install.

    If you know of something I can use in the interim, I'm open to suggestions. Tried Pie Register, but it doesn't allow me to use it on sub-sites. Just on the main blog's login and registration.

  18. phylliserck
    Member
    Posted 2 years ago #

    radiok - thank you for the work you've done to keep Register Plus alive. There is clearly a need for this functionality in WordPress and I for one appreciate the work you have done to continue to provide this through this plugin.

    Keep up the great work.

  19. jwarcher
    Member
    Posted 2 years ago #

    I use Register Plus Redux on a semi-private site. I'm not greatly concerned about this, but am wondering how the attack would take place. Not looking for the code (obviously), but how it happens to see if my site is vulnerable. Does the attacker have to be able to post or comment on my blog for the attack to work? It doesn't sound like simply being able to register and then access protected pages on my site would make this a threat to me, but I want to be sure.

    Thanks for any thoughts.

  20. Gabriel Reguly
    Member
    Posted 2 years ago #

    Hi,

    I am willing to fix the so called holes, would radiok be interested in that?

  21. Tevya
    Member
    Posted 2 years ago #

    Though I'm not a developer and can't offer to help as some of you great people have, I do want to say that this is an awesome plugin, and I'd love it if radiok began development again. Would those of you who volunteered to help be willing to work as part of a team that keeps this plugin updated, so radiok doesn't have to be overwhelmed with it?

Topic Closed

This topic has been closed to new replies.
