Good plugin but needs updates for sure!!!
This is a good plugin for what it does, but you guys really need to work on having some better security to avoid MySQL injection.
For example, on line 859 of the main plugin PHP file you have:
$blogids = $wpdb->get_col($wpdb->prepare("SELECT blog_id FROM $wpdb->blogs"));
It should be changed to the following to avoid any security concerns as well as the myriad warnings that will pop up in browsers (especially a problem for non-developers who won’t know what the heck is going on…).
Line 859 should be changed to this:
$blogids = $wpdb->get_col($wpdb->prepare("SELECT blog_id FROM $wpdb->blogs WHERE id = %d", $id));
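
An added example, not part of the original post or the plugin's code: `$wpdb->prepare()` binds run-time values through placeholders such as `%d`, and since WordPress 3.5 calling it with a query and no values to bind raises a PHP warning. The sketch shows a fixed query run without `prepare()` next to a filtered query that binds its value. The function names and the `$site_id` filter are assumptions for illustration, and the code expects to run inside a WordPress multisite install where the global `$wpdb` exists.

```php
<?php
// Added illustration; the function names and the $site_id filter are
// assumptions, not taken from the plugin discussed above.

// Fixed query: the only interpolated part is $wpdb->blogs, a table name
// set by WordPress itself. There is no value to bind, so prepare() is
// not used here.
function example_get_all_blog_ids() {
    global $wpdb;
    $ids = $wpdb->get_col( "SELECT blog_id FROM $wpdb->blogs" );
    return array_map( 'intval', $ids );
}

// Query with a run-time value: the value goes through a %d placeholder,
// so prepare() casts it to an integer before it reaches the SQL string.
function example_get_blog_ids_for_site( $site_id ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT blog_id FROM $wpdb->blogs WHERE site_id = %d AND deleted = 0",
        $site_id
    );
    return array_map( 'intval', $wpdb->get_col( $sql ) );
}
```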