Support » Plugin: Stop User Enumeration » Horrible bug processing fs_* options

  • This plugin uses the horribly broken Freemius SDK.

    Freeminus pollutions the options table with hardcoded file path links, which are never rechecked.

    When sites migrate + file paths change, sites fail in odd ways + performance circles the drain.

    Avoid this plugin till they drop use of the Freeminus SDK or Freeminus fixes their code.

    Emailed Freeminus support requesting their code.

    Only way to recover this problem is to…

    1) Locate all plugins using Freemins. Using find on the command line is easiest.

    2) Remove all these plugins.

    3) Remove all fs_* options. Using wp-cli is one easy way.

    4) Reinstall all your plugins + reconfigure them from scratch.

    Then anytime you migrate to different server, repeat these steps.

    • This topic was modified 3 years, 5 months ago by David Favor. Reason: Added how to fix problem
Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Fullworks

    (@fullworks)

    Hi David,

    Thank you for bringing this to my attention.

    I added Freemius to get a better understanding of how the plugin is used, so improvements can be made, so far it told me that I have a large number of Spanish installs, so I added a Spanish translation. This sort of metric is just not available from WordPress.org.

    But clearly Freemius SDK is creating issues for you.

    I will raise this with Freemius support and also consider either removing Freemius or a way of working around the issues you see.

    I’ll update this thread when I get a response from Freemius.

    Plugin Author Fullworks

    (@fullworks)

    p.s.

    ref: “Emailed Freeminus support requesting their code.”

    the SDK code is here https://github.com/Freemius/wordpress-sdk

    Plugin Author Fullworks

    (@fullworks)

    Hi

    I have just tested migration ( using duplicator ) and the options fs_accounts does indeed hold a path in serialised data, and the paths were correctly changed. Any server migration needs to consider changing paths in serialised data held in the database, other wise you will get issues not just with plugins, but media files.

    I would respectfully suggest that your migration process does not handle serialised data, and as such your aspiration that there is a bug in Freemius and not to use my plugin maybe in fact due to your broken migation process.

    See https://codex.wordpress.org/Moving_WordPress

    Hi @dfavor,

    My name is Vova Feldman and I’m a lead dev at Freemius. I get your frustration and appreciate the feedback.

    First of all – we take full responsibility for the plugin migration issue, it’s not the plugin developer’s fault (CC: @fullworks). Secondary, I’d like to explain why we store paths.

    ~2% of WordPress users are still on 5.2 (no namespaces) and everything in WP has to be backward compatible. Therefore, we had to come up with a creative mechanism to automatically load and use the latest SDK version in the WP environment (multiple plugins and the theme can run the SDK). Not going to dive deep, but this mechanism is quite complex and has to store different paths while handling environments with symlinks.

    The mechanism does have a logic to “recover” from paths, symlinks, and other disk related changes. Unfortunately, as you experienced, it’s not bulletproof. With that said, it’s a rare occasion. I fact, it happened less than 0.001% of the installs (out of millions). We understand that when it happens it’s very frustrating and we constantly trying to make it better.

    Hence, I accept your recommendation and we already started to investigate our mechanism to see if we can get rid of the absolute paths and use relative paths instead as you suggested – to make it even more resilient. I hope we’ll release that fix as part of the next SDK version.

    So thanks again and sorry for the inconvenience.

    I am following this and also the changes added to this plugin. For now we have uninstalled and removed the plugin from all our installs until the plugin does what is supposed to do. I am so dissappointed about the recent additions and how it is handled.

    @mfjtf the plugin does exactly what is supposed to do. This is an edge case incident that was triggered upon migration of the site in a specific environment. As mentioned in my previous response, the risk is below 0.001% and if you are not migrating, this one is not even relevant to you. Plus, we will release a fix of the SDK which @fullworks will incorporate into the plugin.

    This IS relevant to me as we migrate site regularly.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Horrible bug processing fs_* options’ is closed to new replies.