Incorrectly Named DB Tables & PHP Notices

Hey Gioni,

First off, I love this plugin. Great work. 🙂

There are couple bugs that need fixing.

The database tables that the plugin sets up aren’t using WordPress table prefixes. When I looked at the database, the tables the plugin created are named: “cerber_acl”, “cerber_blocks”, and “cerber_log”. This has happened on every site we installed it on. One thing to note, for security reasons, we always change the WP DB prefix, so our tables are never prefixed with “wp_”, but rather a custom prefix for each site. This is initially set in the wp-config.php with the variable $table_prefix and can be called later with $wpdb->prefix. More info here: https://codex.wordpress.org/Class_Reference/wpdb

All new tables a plugin creates should be using the WordPress table prefix.

Currently in wp-cerber.php on lines 33-35, you have the following:

define('CERBER_LOG_TABLE','cerber_log');
define('CERBER_ACL_TABLE','cerber_acl');
define('CERBER_BLOCKS_TABLE','cerber_blocks');

but it should be something more like this:

global $wpdb;
define('CERBER_LOG_TABLE',$wpdb->prefix.'cerber_log');
define('CERBER_ACL_TABLE',$wpdb->prefix.'cerber_acl');
define('CERBER_BLOCKS_TABLE',$wpdb->prefix.'cerber_blocks');

You would need to add some code to convert any existing tables with the old names.

Also, since we run all our sites and some production sites with WP_DEBUG on 24/7 (logging only, not visual error display) we get the following regularly in our debug.log:

Undefined index: xmlrpc in /XXXXXXXX/wp-content/plugins/wp-cerber/wp-cerber.php on line 256

I know it may seem small, but one of our coding standards is to always initialize variables so these don’t happen. (Or run an isset()/empy() check before using a variable.)

Thanks in advance for fixing these. Keep up the great work.

– Scott

https://wordpress.org/plugins/wp-cerber/