WordPress.org

Ready to get started?Download WordPress

Plugin Reviews

Postcards

Transform every WordPress gallery in a postcards system!

Average Rating
1 star
1.9 out of 5 stars
You are currently viewing the reviews that provided a rating of 2 stars. Click here to see all reviews.
2 stars
Typo causing problems, NO security, otherwise works well
By , for WP 3.5

There are 3 typos (or programming errors?) in the plugin.php file. One of the post options is called 'postcards_enabled', but in 3 places in that file the author entered it as 'postcards_enable' (without the "d" at the end). This causes the per-page enable/disable override feature to not work.

The Changelog indicates version 1.2.1 was to fix this very problem, but this is obviously not the case.

EASY FIX: Use the plugin editor feature on your WP Dashboard. If you text search through plugin.php for the string postcards_enable' (with the trailing single quote!) and add the letter "d" making it read postcards_enabled' (note the "d" at the end of the word!) it will work.

After making that fix, it seems to WORK AS ADVERTISED. Basically, it adds some javascript/jQuery into the footer that auto-magically adds the "send as e-card" link under each image on a gallery page. The feature can be either enabled or disabled globally (site-wide) for all gallery pages, with an enable/disable option on individual pages to override the global setting.

It has a nice look to it, and should integrate into most themes with little difficulty.

The main drawback is that there is no CAPTCHA or other method to prevent a postcard from being accessed remotely and used for spamming, as in this example:

http://example.com/?ecimg=example.com/wp-content/uploads/2013/01/IMG_3410.jpg&ecurl=example.com/?p=2302

This is a SERIOUS FLAW, the ramifications of which should be seriously considered before implementing this plugin on a live site!

The author should implement the following security features to make this a nifty little plugin:

  • Add referrer check to email sending routine (not foolproof but at least a start)
  • Add a CAPTCHA to email sending routine

As for support ... The "help" page on the author's website gives a 404 (page not found) error, and the author's forum seems to be out of date (version 1.0.3 is listed as newest). The lack of FAQ and Screenshots entries on the plugin page on WP repository, along with the lack of responses to the two questions on the WP plugin forum, all lead me to believe that this plugin is not well-supported.

Nevertheless, it does seem to work as advertised after a little "fixing." And the simplicity of the internals means it should continue to work with new releases of WP -- or at most require a little more manual tweaking. I'm giving it 4 stars for its elegant simplicity, in spite of the need for a manual fix by the WP admin. But I'm subtracting 2 stars due to the lack of any spam prevention. Too bad, because I really wanted to like this plugin ...

You must log in to submit a review. You can also log in or register using the form near the top of this page.