WordPress.org

Support

Support » Plugins and Hacks » [Resolved] Please notify when you fix the bug

[Resolved] Please notify when you fix the bug

  • I have a new WordPress site and I just tried to load this plugin (LeagueManager) and it took the site completely down. I had to remove the plugin folder for leaguemanger from FTP to get my site back up.

    Please advise when this bug will be fixed. Am looking forward to trying this plugin as I think it may be the perfect solution to a little league schedule of 9 different divisions. Thank you.

    http://wordpress.org/extend/plugins/leaguemanager/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Having the same problem, please fix this bug……

    my site was taken down too after activating… this is my erro:

    Fatal error: Call to undefined function wp_get_current_user() in /home/content/XX/XXXXXXXX/XX/XX/XXXXXXXXX/wp-includes/capabilities.php on line 1281

    same problem here please fix it!!

    Plugin Author LaMonte Forthun
    Member

    @lamontef

    There have been a couple of solutions to the problem if you look at the forum list…

    Here’s what I did, which is slightly different than those solutions, but keeps the author’s intended user check in place:

    In the file leaguemanager.php, change the following lines (it’s the last line of the file):

    line 6:
    Version: 3.8
    to
    Version: 3.8.1

    line 101:
    $this->__construct();
    to

    //Security, check if current user is allowed to manage leagues
    
    	        if ( !current_user_can( 'manage_leagues' ) ) :
    	             echo '<p style="text-align: center;">'.__("You do not have sufficient permissions to access this page.").'</p>';
    	        else :
    	            $this->__construct();
    	        endif;

    Line 532:
    $lmLoader->adminPanel->export($_POST[‘league_id’], $_POST[‘mode’]);

    to:

    $lmLoader->adminPanel->export((int)$_POST[‘league_id’], $_POST[‘mode’]);

    Change those lines and you’ll update the version to 3.8.1 and get rid of the update notice, you’ll fix the exploit per a security firm’s suggestion and you’ll keep the check that was placed on the lmloader to ensure the user is allowed to manage leagues.

    How about just reverting back to the old version till they work out this bug?

    SOLUTION: Revert back to previous version (version 3.8) until author can address the latest release issue.

    Here is the link for previous verion: http://downloads.wordpress.org/plugin/leaguemanager.3.8.zip

    I did this and am working in it just fine now. Concerned about not being able to update… but hope the author fixes soon.

    Plugin Author LaMonte Forthun
    Member

    @lamontef

    The problem with reverting to 3.8 is that the update fixes a serious security exploit that has been identified and posted on a number of sites. Once it’s made public like that the hackers will get out and find sites that haven’t fixed it.

    At the very least, change line 532 in leaguemanager.php (listed above), so that the security problem is resolved…

    Plugin Author LaMonte Forthun
    Member

    @lamontef

    This has been fixed in the most recent revision, 3.8.3

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘[Resolved] Please notify when you fix the bug’ is closed to new replies.