Thanks for this plugin. I have 2 fixes:
1. Most important, WP 3.3.2 is shipping with an updated swfobject.js (version 2.2-20120417) which has a possible security fix patched onto the 2.2 version provided Google and this plugin. This is especially important because the plugin deregisters the better WP version. Development of Swfobject 2.3 seems to be on Github, not at Google. The diff here: http://core.trac.wordpress.org/changeset/20499 is the diff between the older Google version and the newer WP version, and the issue may be IE9-only.
2. Some warning notices when in WP_DEBUG mode.
Notice: wp_deregister_script was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or init hooks.
Notice: wp_enqueue_script was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or init hooks.
Notice: has_cap was called with an argument that is deprecated since version 2.0! Usage of user levels by plugins and themes is deprecated. Use roles and capabilities instead.
I have a patched version of the plugin I will post here.
My fixes are in this version of kml_flashembed.php :
The diff is indicated by comments in the code.
Thanks for finding these issues, Kitchin. I’ll roll them into the plugin, test it out and release an update as time allows.
Thank you for your plugin, it has saved me a lot of time.
Found one bug in my code. New version is 2012/05/28, fix is at line 55.
- The topic ‘[Plugin: Kimili Flash Embed] security / swfobject.js in WP newer than Google’ is closed to new replies.