WordPress.org

Support

Support » Plugins and Hacks » [Plugin: Better WP Security] Random version number tweak strips all script query parameter

[Plugin: Better WP Security] Random version number tweak strips all script query parameter

  • The System Tweak “Display random version number to all non-administrative users” is an obscurity feature which strips the version number on scripts in the front-end header.

    However, it does this by (lazily) removing all query parameters from all script source links. This of course breaks any scripts which have parameters other than a version number. For example,
      http://fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,400,700|Shadows+Into+Light+Two
    becomes
      http://fonts.googleapis.com/css
    And
      http://maps.googleapis.com/maps/api/js?sensor=false
    becomes
      http://maps.googleapis.com/maps/api/js

    Basically, it will break any Google API script.

    The function to blame is remove_script_version() on line 825 of better-wp-security/inc/secure.php

    Function as is:

    function remove_script_version( $src ){
      $parts = explode( '?', $src );
      return $parts[0];
    }

    My improved version:

    function remove_script_version( $src ){
      $parts = explode( '?ver=', $src, 2 );
      if ( count($parts) == 1 ) {
        $parts = explode( '&ver=', $src, 2 );
      }
      return $parts[0];
    }

    It would be great if this could be fixed in the next release.

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Plugin: Better WP Security] Random version number tweak strips all script query parameter’ is closed to new replies.