WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[Plugin: Better WP Security] Random version number tweak strips all script query parameter (4 posts)

  1. MrGamgee
    Member
    Posted 2 years ago #

    The System Tweak "Display random version number to all non-administrative users" is an obscurity feature which strips the version number on scripts in the front-end header.

    However, it does this by (lazily) removing all query parameters from all script source links. This of course breaks any scripts which have parameters other than a version number. For example,
      http://fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,700|Shadows+Into+Light+Two
    becomes
      http://fonts.googleapis.com/css
    And
      http://maps.googleapis.com/maps/api/js?sensor=false
    becomes
      http://maps.googleapis.com/maps/api/js

    Basically, it will break any Google API script.

    The function to blame is remove_script_version() on line 825 of better-wp-security/inc/secure.php

    Function as is:

    function remove_script_version( $src ){
      $parts = explode( '?', $src );
      return $parts[0];
    }

    My improved version:

    function remove_script_version( $src ){
      $parts = explode( '?ver=', $src, 2 );
      if ( count($parts) == 1 ) {
        $parts = explode( '&ver=', $src, 2 );
      }
      return $parts[0];
    }

    It would be great if this could be fixed in the next release.

  2. Lab Lover
    Member
    Posted 2 years ago #

    I am modifying my secure.php, as per your suggestion, to see if it makes a difference.

    Thanks for your post.

  3. Collin
    Member
    Posted 2 years ago #

    YES! That fixed it! Thanks for figuring that out! Please incorporate this into the next release.

  4. jrf
    Member
    Posted 2 years ago #

    +1

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic