WordPress.org

Support

Support » Plugins and Hacks » Advanced iFrame » [Resolved] [Plugin: Advanced iframe] Security risk with WPTouch and WordPress Android

[Resolved] [Plugin: Advanced iframe] Security risk with WPTouch and WordPress Android

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author mdempfle

    @mdempfle

    But then this is actually a bug of WPTouch if the shortcode is not processed properly.

    I’ll check if there is a workaround.

    – Michael

    Plugin Author mdempfle

    @mdempfle

    And about the security risk: Advanced iframe then is as save as any other iframe implementations! So there is no risk at all from outside.

    Actually the scene has changed with the recent update to WordPress for Android. With or without WPTouch, the shortcode is displayed rather than the intended iFrame. The website is using WP 3.3.1 and my phone is an HTC Desire HD.

    If you would like to see this in action check http://qbuster.net on your Android mobile.

    Plugin Author mdempfle

    @mdempfle

    I don’t see an iframe or the code at this page. Is it still there?

    Yes it is still there.

    I’m using WordPress for Android (WPforA) version 2.0.3 on an HTC Desire HD running Android v 2.3.3.

    Using the HTC I log into http://qbuster.net and select Pages. There are 2 pages. Welcome is a normal WP page.

    Pages 2,3 & 4 (Family Treee, Familiy Tree Analysis and Images of nb Quidditch are all iFrames created with the help of a shortcode from the plugin Advanced iFrames. All of these display the respective shortcode reference which starts with [advanced_iFrame security_id=”??????” path=’path’]

    Of course, it we visit http://qbuster.net via a laptop or PC we see the correctly invoked iFrames.

    If you are not seing that, which mobile are you using and which vof Android and WPforA?

    Thanks for following this….

    Regards

    Will

    Plugin Author mdempfle

    @mdempfle

    I use a Samsung Galaxy S2 with Android 2.3.4.

    There all iframes are displayed (as far as I can see) and no shortcode is shown.

    OK, so that puts Android v2.3.3 on the suspect list. I’ve been informed that an upgrade to 2.3.5 is imminent but I’m not holding my breath.

    I’ll go on an HTC Desire forum and get some people to test it.

    Meanwhile, is it possible that I have another app that is conflicting? Seems unlikley to me; perhaps I’ll grab the WPforA source and see if I can trace the problem via the APK.

    regards

    Will

    Plugin Author mdempfle

    @mdempfle

    Please tell me if you have any news because at this point the shortcode seems not to be parsed properly by the other plugin.

    Have you tried with a very short security code?

    Plugin Author mdempfle

    @mdempfle

    Any news on this? Otherwise i’ll set this to resolved.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘[Resolved] [Plugin: Advanced iframe] Security risk with WPTouch and WordPress Android’ is closed to new replies.
Skip to toolbar