Overlooked bug?

  • Resolved viraladmin

    (@viraladmin)


    11 years, 3 months ago

    I suppose its not really “bug” unless you have to combat a TON of spam because of it, but let me explain.

    I have used the shortcode [WPBUSDIRMANADDLISTING] to create a custom page for users to be able to add listings. The page I created is a protected page so only administrators and editors can access the page and submit listings.

    I disabled the submit a listing button.

    The problem is – anyone who knows http://www.mysite.com/?action=submitlisting can still access the page. Disabling the button does not stop users from still accessing and submitting listings. I testing this on a clean install also, and at best I can check “must be logged in” which stops a lot, but still anyone who can create an account can then access the page with or without the link being displayed.

    Is there a way to completely disable the ?action=submitlisting so that one MUST be on my custom page to submit the listing? Is there anyway to really disable the abilty to submit listings at all? It would seem to me no matter what one does with this plugin, anyone who knows the page and the action call can then submit.

    http://wordpress.org/extend/plugins/business-directory-plugin/

Viewing 1 replies (of 1 total)
  • Plugin Author Business Directory Plugin

    (@businessdirectoryplugin)

    11 years, 3 months ago

    Hi viraladmin,

    Yes, you are correct–there’s no way to disable it completely so someone could use the URL directly. But I would agree that it’s not a bug either way. It is something we ought to prevent for those who have aggressive scripts or bots that can figure this out. We’ll add it to the list to update for a future release.

Viewing 1 replies (of 1 total)
  • The topic ‘Overlooked bug?’ is closed to new replies.