base64 fix for compatibility with updated Block Bad Queries plugin
Thanks for this excellent plugin! I find it very helpful.
The related plugin Block Bad Queries (BBQ) recently had a major upgrade and now identifies many more kinds of malicious URL requests. Unfortunately, Ultimate Security Checker (USC) 2.7.8 does not detect the enhanced protection provided by the BBQ upgrade. USC incorrectly warns that the site is vulnerable to malicious URL requests, even though it is actually protected by BBQ.
I have examined the code for both plugins and identified the problem: the upgraded BBQ plugin now searches for the substring base64_ of the standard PHP function names base64_decode, whereas USC generates a test URL containing the substring base64(. Of course, this substring will not be found by BBQ, thereby generating a false positive in USC.
This can be easily fixed by modifying line 703 of the securitycheck.class.php file for the USC plugin:
'base64' => $this->gen_random_string(50).'base64('.$this->gen_random_string(50)
base64_ to enable USC to recognize the protection provided by the new and improved BBQ.
Would you be willing to incorporate this fix into a future version of USC? That would be extremely helpful!
Thank you so much,
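The mismatch described in the post above, reproduced as an added example (this is not code from USC or BBQ): a stand-in substring filter that knows only base64_, the pattern the post attributes to the upgraded BBQ, and a stand-in scanner that builds its probe the way line 703 does. The function names, the padding alphabet and the single-entry pattern list are assumptions made for the illustration.

```php
<?php
// Added illustration; hypothetical helpers, not the plugins' own code.

// Stand-in for a request filter that blocks on case-insensitive substrings.
function filter_blocks(string $requestUri, array $patterns): bool {
    foreach ($patterns as $pattern) {
        if (stripos($requestUri, $pattern) !== false) {
            return true;
        }
    }
    return false;
}

// Stand-in for the scanner's gen_random_string(): alphanumeric padding only,
// so the padding itself can never contain a filter pattern by accident.
function random_padding(int $len): string {
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $out;
}

// Build a probe in the shape of line 703: padding . marker . padding.
function build_probe(string $marker): string {
    return random_padding(50) . $marker . random_padding(50);
}

// The scanner calls the site protected only if the filter blocks its probe.
function scanner_verdict(string $marker, array $patterns): string {
    return filter_blocks(build_probe($marker), $patterns) ? 'protected' : 'vulnerable';
}

// Assumption taken from the post: the upgraded filter matches on 'base64_'.
$filterPatterns = ['base64_'];

// Compare the marker currently on line 703 with the one the post proposes.
foreach (['base64(', 'base64_'] as $marker) {
    printf("probe marker %-8s => scanner reports: %s\n",
        $marker, scanner_verdict($marker, $filterPatterns));
}
```

The verdict depends only on whether the probe marker and the filter pattern share a substring, which is why a change on either side can turn a working check into a false positive.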