Support » Plugin: WP-Amazon-Carousel » [Plugin: WP-Amazon-Carousel] Warning, This plugin is a TROJAN

  • This plugin exhibits behavior like “jeffbert’s” Amazon search plugin. In other words, if you modify this plugin according to the instructions he gives here online and in the readme of the plugin, HE IGNORES your affiliate ID and instead sets his ID by default. In this one he appears to have left in a debugging echo to see which tag he was setting.

    I do not think this is an innocent or beginner mistake because the code from his Amazon-search plugin has layered filters in two languages for anyone setting their own Amazon affiliate ID. This can be verified by running the code and reviewing the actual page that is output.

    Here is the “fix” in the PHP code from the plugin:


    Plugin URI:
    Description: This plugin lets you create an Amazon Carousel widget in a brain-dead, simple way. It's as easy as typing [carousel] anywhere in your post and you get a beautiful Flash widget with Amazon products.
    Author: Zahid Khan
    Version: 1.6
    Author URI:
    // Change the constants below to customize this plugin
    define("DEFAULT_WIDTH", "500");
    define("DEFAULT_HEIGHT", "175");
    define("DEFAULT_TAG", "wp-carousel-20"); // <<<-- ! By Default
    define("DEFAULT_CATEGORY", "Books");
    define("DEFAULT_SHOW_BORDER", "False");
    define("DEFAULT_SHUFFLE_PRODUCTS", "False");
    define("DEFAULT_MARKETPLACE", "US");
    // [carousel]
    function carousel_func($atts) {
    'tag' => 'wp-carousel-20', // <<<<-- ! THIS SHOULD BE DEFAULT_TAG
    'width' => DEFAULT_WIDTH,
    'height' => DEFAULT_HEIGHT,
    'category' => DEFAULT_CATEGORY,
    'browse_node' => '',
    'title' => '',

    I’m not analyzing this code further. His JavaScript code in his Amazon search plugin ignored the value when it got through the plugin’s PHP code 1 out of 5 times. So that means 0 out of 0. This one has the same type of line but the call is rand(1,10).
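
A check a site owner could run over a plugin's PHP source to catch the two patterns the post above describes: a literal affiliate tag that bypasses DEFAULT_TAG, and a rand() branch. This is an added example, not part of the original post or of the plugin; the audit function, the sample source, its shortcode_atts() wrapper and its rand(1,10) line are constructed assumptions.

```python
import re

# Constructed sample modelled on the excerpt in the post. The shortcode_atts()
# wrapper and the rand(1,10) branch are assumptions standing in for lines the
# post describes but does not quote.
SAMPLE = """<?php
define("DEFAULT_WIDTH", "500");
define("DEFAULT_TAG", "wp-carousel-20");
function carousel_func($atts) {
    extract(shortcode_atts(array(
        'tag' => 'wp-carousel-20',
        'width' => DEFAULT_WIDTH,
    ), $atts));
    if (rand(1,10) == 1) { $tag = 'wp-carousel-20'; }
}
"""

DEFINE_RE = re.compile(r'''define\(\s*["'](\w+)["']\s*,\s*["']([^"']*)["']\s*\)''')
LITERAL_RE = re.compile(r'''["']([^"']+)["']''')
RAND_RE = re.compile(r'\b(?:mt_)?rand\s*\(')


def audit(source, watched=("DEFAULT_TAG",)):
    """Return (line_number, kind, detail) findings for PHP plugin source.

    'bypasses-constant': a string literal equal to a watched constant's value
    appears outside its define(), so editing the define() will not change it.
    'random-branch': a rand()/mt_rand() call, to be reviewed by hand because
    the post reports the override only fires on some page loads.
    """
    constants = {m.group(2): m.group(1)
                 for m in DEFINE_RE.finditer(source) if m.group(1) in watched}
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if DEFINE_RE.search(line):
            continue  # the define() is the one place the literal belongs
        for literal in LITERAL_RE.findall(line):
            if literal in constants:
                findings.append((number, "bypasses-constant",
                                 f"{literal!r} duplicates {constants[literal]}"))
        if RAND_RE.search(line):
            findings.append((number, "random-branch", line.strip()))
    return findings


if __name__ == "__main__":
    for number, kind, detail in audit(SAMPLE):
        print(f"line {number}: {kind}: {detail}")
```

A clean result from a static scan like this does not replace the check the post recommends: load the page and confirm which tag appears in the rendered output.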
