• Resolved federipa

    (@federipa)


    Hello, I need your assistance regarding your plugin WP Customer Reviews.
    The plugin works fine except for the fact that I can not post the answers to reviews (i.e. Official Response).
    I can not in any way bonfire. I wanted to know if it is a bug in the plugin, or am I doing something wrong?

    Please answer, I can not find the answer anywhere and I’m going crazy!!

    Thank you

    https://wordpress.org/plugins/wp-customer-reviews/

Viewing 6 replies - 1 through 6 (of 6 total)
  • This is usually a theme issue where the conflict is in the CSS. Try changing themes to a basic theme and see if it still occurs. If it works, you will know there is a conflict.

    Version 3 is due any day…that may fix it as well.

    Thread Starter federipa

    (@federipa)

    I do not think that there is a problem with the CSS because the system does not give me a way to save my own response to the review. In fact, on the screen I see no submit button.

    I hope that I explained well and I made you understand my problem.

    Thank you

    I understand. I still recommend you try switching to a different theme to troubleshoot the issue. Whether it’s in the theme code or the theme CSS, at least you’ll rule that out as an issue 🙂

    Hey people, had the same issue here and found out something interesting: if you have recent versions of the MySQL client, there's a deprecated mysql function implemented in the file

    wp-customer-reviews/wp-customer-reviews-admin.php

    Here's what I did to fix it:

    Under this file for the plugin
    “wp-customer-reviews/wp-customer-reviews-admin.php”
    , we remove all the mysql_real_escape_string function calls, leaving only the variable assignment;
    From this:

    $update_col = mysql_real_escape_string($col);
    $update_val = mysql_real_escape_string($d2);

    To this:

    $update_col = $col;
    $update_val = $d2;

    Note: there are about 6 lines where this function is used, make sure all are removed.

    And to accomplish our SQL injection security function that we just removed, we do the following:

    We change these lines:

    if ($update_col !== false && $update_val !== false) {
        $query = "UPDATE `$this->dbtable` SET `$update_col`='$update_val' WHERE `id`={$this->p->r} LIMIT 1";
        $wpdb->query($query);
        echo $show_val;
    }

    to this:

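    if ($update_col !== false && $update_val !== false) {
        // prepare() escapes only the arguments bound to placeholders,
        // so the value (%s) and the row id (%d) are passed as arguments.
        // An identifier cannot be bound: $update_col must already be
        // restricted to known column names before it reaches this query.
        $query = "UPDATE `$this->dbtable` SET `$update_col`=%s WHERE `id`=%d LIMIT 1";
        $queryFixed = $wpdb->prepare($query, $update_val, $this->p->r);
        $wpdb->query($queryFixed);
        echo $show_val;
    }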

    From WordPress documentation $wpdb->prepare() is used to avoid SQL Injection on our current query, this should do the trick.
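
An added example, not part of the post above and not the plugin's own code: one way to write this kind of single-column update so that the value and the row id are bound by `$wpdb`, and the column name, which cannot be bound, is checked against an allowlist first. The function name, the column names and the table name are assumptions for illustration; it is meant to run inside WordPress, where `$wpdb` is the global database object.

```php
<?php
// Added example; not the plugin's code. Column names are hypothetical.
// Each editable column maps to the format $wpdb uses to bind its value.
const WPCR_EXAMPLE_EDITABLE_COLUMNS = array(
    'review_title'    => '%s',
    'review_text'     => '%s',
    'review_response' => '%s',
    'review_rating'   => '%d',
);

/**
 * Update one column of one review row.
 * Returns the number of rows changed, or false when the input is
 * rejected or the query fails.
 */
function wpcr_example_update_review($wpdb, $table, $id, $col, $val)
{
    // Identifiers cannot be bound as parameters, so accept only known columns.
    if (!is_string($col) || !array_key_exists($col, WPCR_EXAMPLE_EDITABLE_COLUMNS)) {
        return false;
    }

    // The row id must be a positive integer.
    $id = filter_var($id, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($id === false) {
        return false;
    }

    // $wpdb->update() builds the UPDATE statement and binds the data and
    // the WHERE values using the formats passed in the last two arguments.
    return $wpdb->update(
        $table,
        array($col => $val),
        array('id' => $id),
        array(WPCR_EXAMPLE_EDITABLE_COLUMNS[$col]),
        array('%d')
    );
}

// Usage inside WordPress (the table name is an assumption):
// global $wpdb;
// wpcr_example_update_review($wpdb, $wpdb->prefix . 'wpcr_reviews', 12, 'review_response', $text);
```

A request that names any column outside the allowlist is rejected before a query is built, so the column name never reaches the SQL text unchecked.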

    Thread Starter federipa

    (@federipa)

    Thanks very much corsoduke!!

    I try!!

    Plugin Author Aaron Queen

    (@bompus)

    Version 3.0.0 fixes this issue 🙂 It was just pushed out, so give it a try.


The topic ‘Official Response’ is closed to new replies.