WordPress.org

Support

Support » Plugins and Hacks » [Plugin: WP-RecentComments] v2.1 Removes Feature When Sec. Vuln. Could Be Fixed

[Plugin: WP-RecentComments] v2.1 Removes Feature When Sec. Vuln. Could Be Fixed

  • v2.1 Unnecessarily Removes Feature When Security Vulnerability Could Be Fixed

    In your v2.1 update (in response to the security vulnerability found in v2.0.7 and lower), instead of easily fixing the issue, you’ve instead chosen to completely remove the feature of being able to fetch the full comment content!? That feature is the reason why I chose your plugin over others. You really didn’t need to remove that, instead just sanitize the $id (the same way you did for the rc-ajax action’s $page value) by type casting it as an integer with “(int)”:

    change:

    ...
    } else if($_GET['action'] == 'rc-content') {
        $id = $_GET["id"];
        echo rc_get_content($id);
        ...

    to:

    ...
    } else if($_GET['action'] == 'rc-content') {
        $id = (int)$_GET["id"]; //JUST (int) IT!
        echo rc_get_content($id);
        ...

    http://wordpress.org/extend/plugins/wp-recentcomments/

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: WP-RecentComments] v2.1 Removes Feature When Sec. Vuln. Could Be Fixed’ is closed to new replies.