Support » Plugin: Constant Contact for WordPress » Notice from WPEngine re: hardening the PHP function putenv

  • Resolved Pam Blizzard

    (@pdblizzard)


    Just got an email from WPEngine, pointing out we are using this plugin and ramifications of changes they are making to PHP:

    We are contacting you today to inform you of a change we are making on the WP Engine platform, to further improve the security of the site(s) you host with us.

    On July 20, 2016, we will be hardening the PHP function putenv based on industry best practices for all PHP applications.

    You are receiving this message because we have detected the use of putenv on your WordPress install(s) and plugins listed below:

    pdblizzard| Plugin: constant-contact-api

    Note: You are currently listed as the technical contact for the install(s) listed above. If you would like to update this information please consult this article.

    How this affects you

    After Wednesday, July 20, 2016, you will no longer be able to set system-level environment variables using putenv. Any environment variables you set with putenv will be available in your WordPress site’s code as it normally would.

    Most WordPress related code does not rely on the ability to set system-level variables, therefore, it is unlikely that you will see any negative impact due to this change.

    If you are not sure if your use of putenv will be impacted, please reach out to the developer of the plugin(s) listed above, to determine if any changes will be need to be made to your theme or plugin.

    Thank you for the opportunity to deliver a secure, fully managed platform to host your site.

    – WP Engine Security Team

    Will there be an update?

    https://wordpress.org/plugins/constant-contact-api/

Viewing 3 replies - 1 through 3 (of 3 total)
  • In the case of wp-ultimate-recipe, the email was a false positive.

    PHP function putenv and WP Engine

    Look through the plugin code and make sure that function is actually being called and not part of a comment.

    Dude, you just hijacked my thread. Your mileage via this issue may vary.

    I’d like to hear from the developer of THIS plugin.

    Thanks 🙂

    Plugin Author Zack Katz

    (@katzwebdesign)

    Hi Pam – The plugin doesn’t use the putenv() function. I just confirmed that with a search. I can’t even find it in a code comment, which is weird. Maybe you’re using an older version of the plugin?

    Thanks for the heads-up, Cameron. I didn’t know it was a WP Engine issue.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.