WordPress.org

Ready to get started?Download WordPress

Forums

Acunetix Secure WordPress
Secure WordPress and s2Members (1 post)

  1. CyberOto
    Member
    Posted 2 years ago #

    Hi,

    There is a bit of a problem when you have both plugins installed and in SecureWP you have checked Protect WordPress against malicious URL requests . This option do not allow URI to have above 255 bytes for normal users.

    In most cases this is perfectly fine, but when the s2Members plugin is enabled and do some checks for user level and stuff it can return URI parameters that are at least 230 bytes.

    In my case I have 30 bytes minimum in URI already and guess where are we headed =]

    So what did I do - simple check if the s2Member plugin is enabled and increase the default 255 bytes limit to say 355 =]

    in secure-wordpress.php search for function wp_against_malicious_url_request() and add this code:

    if (is_plugin_active('s2member/s2member.php'))
    	{
    		$request_URI = 355;
    		//do some more ?
    	}
    	else
    	{
    		$request_URI = 255;
    	}

    above if (strlen($_SERVER['REQUEST_URI']) > 255 || and modify this line to if (strlen($_SERVER['REQUEST_URI']) > $request_URI ||

    That is it - no more white pages for users that are trying to access a page that require higher access level.

    Regards,

    http://wordpress.org/extend/plugins/secure-wordpress/

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic