Ultimate Security Checker
base64 fix for compatibility with updated Block Bad Queries plugin (6 posts)

  1. fwchapman
    Posted 3 years ago #

    Thanks for this excellent plugin! I find it very helpful.

    The related plugin Block Bad Queries (BBQ) recently had a major upgrade and now identifies many more kinds of malicious URL requests. Unfortunately, Ultimate Security Checker (USC) 2.7.8 does not detect the enhanced protection provided by the BBQ upgrade. USC incorrectly warns that the site is vulnerable to malicious URL requests, even though it is actually protected by BBQ.

    I have examined the code for both plugins and identified the problem: the upgraded BBQ plugin now searches for the substring base64_ of the standard PHP function names base64_encode and base64_decode, whereas as USC generates a test URL containing the substring base64(. Of course, this substring will not be found by BBQ, thereby generating a false positive in USC.

    This can be easily fixed by modifying line 703 of the securitycheck.class.php file for the USC plugin:

    'base64' => $this->gen_random_string(50).'base64('.$this->gen_random_string(50)

    Simply change base64( to base64_ to enable USC to recognize the protection provided by the new and improved BBQ.

    Would you be willing to incorporate this fix into a future version of USC? That would be extremely helpful!

    Thank you so much,

    Fred Chapman


  2. alternateroute
    Posted 3 years ago #

    That worked. Thanks a lot!

  3. fwchapman
    Posted 3 years ago #

    This issue still exists in USC 2.7.10.

  4. alternateroute
    Posted 2 years ago #

    In USC 2.7.10 the line to be changed has moved to 709.

  5. Reed Gustow
    Posted 2 years ago #

    It does work. If you don't have a line counter, you can Control-F or Command-F search (Windows or Mac respectively) to fined base64( and replace it with base64_

  6. Reed Gustow
    Posted 2 years ago #

    I get 114 of 115 points, but I still see the line in the Code Check section: Core files check cancelled. Please wait till update of this plugin.

    I have the latest version, 2.7.10. How can I get that last little point? Thanks!

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Ultimate Security Checker
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic