Support » Plugin: Search Engine Optimization redirect editor » Redirects are totally broken

  • Resolved jondaley

    (@jondaley)


    Not sure what you are up to, but you’ve removed everything in this plugin except a paid subscription link and your mailing list.

    Last version that worked was 2.3.0.

Viewing 15 replies - 1 through 15 (of 19 total)
  • Plugin Author zuda

    (@zuda)

    We just checked and it still works all features available. We did remove the security check as no one paid for the premium version and it was costing us 300 dollars a year to let you use it for for free. The redirect editor is still there as are some SEO features we’ve put links in.

    If you could provide the operating system and version of wordpress you’re running. we are happy to help you out.

    Thread Starter jondaley

    (@jondaley)

    That’s interesting.

    How is the function “redirect” being called? You’ll note that the hook was removed.

    Plugin Author zuda

    (@zuda)

    We would be happy to take a look at the older version you have and ensure everything is functioning as it is supposed to be. Unfortunately, there is no data in this post to help us with that. Ensuring the functionality and accuracy of our software is very important to us.

    Thread Starter jondaley

    (@jondaley)

    I’m not sure what you mean by “older version”.

    I’m using the latest version you have released and also looking at your code repository:

    https://plugins.svn.wordpress.org/redirect-editor/trunk/redirect-editor.php

    You’ll notice that the function redirect() is never called from anywhere, so there is no way for this plugin to actually work.

    Perhaps you have a different version of the code in your own computer than what you have released to the public.

    But in any case, just like the last bug which I reported, you have proven to me that your plugins cannot be trusted. I’m out.

    Plugin Author zuda

    (@zuda)

    You mentioned 2.3.0, that is what we are referring to.

    Plugin Author zuda

    (@zuda)

    “You’ll notice that the function redirect() is never called from anywhere, so there is no way for this plugin to actually work.” We just want to let you know we are highly investigating any irregularities in the code. we have spent over a thousand dollars ensuring the functionality and usefulness of this free, open source program. Our commitment to the open source community never wavers, we have a team looking into this right now.

    “just like the last bug which I reported, you have proven to me that your plugins cannot be trusted. I’m out.”

    We are certainly sorry you feel that way. We are always working to give you the best software and we are addressing any possible issue in the code right now.

    • This reply was modified 1 year ago by zuda.
    Thread Starter jondaley

    (@jondaley)

    I said 2.3 was the last version that worked. I linked to your trunk code, which has the same bug that your latest released version has. Please do a search for redirect() and note that your code never calls the function…

    Scary.

    Plugin Author zuda

    (@zuda)

    Thank you for your perspective, however the versions have worked great since 2.3. 2.3 is interesting for you to mention it. If we recall that version correctly from our documentation, we had just inherited the program and had fixed very big gaping security flaws. 2.3 was the last version where the former programmer made redirects able to be changed by anyone in the entire world with no authorization.

    Having that section of that code work flawlessly across all platforms and configurations has been challenging off and on. We have to balance security and of course functionality, but we are a security company, so we take security as paramount.

    We are aware of the error you are mentioning and will have it addressed shortly. We have a team working on making it function the best, most secure way possibly without impairing usability.

    Thread Starter jondaley

    (@jondaley)

    I agree that you made a lot of changes. You just also happened to break the whole thing. I’m glad you are now aware of the “problem”… I just don’t understand how you thought it worked for so long. It is an easy fix, you just need to put the hook back the way it was in 2.3. I used pre_get_posts, I can’t remember if that is how the previous author did it or not.

    • This reply was modified 1 year ago by jondaley.
    Plugin Author zuda

    (@zuda)

    This was accidentally put within a security if statement, so we just moved the pre_get_posts outside of the security if and now the redirects are improved. Apologies for the inconvenience.

    Thread Starter jondaley

    (@jondaley)

    And by “improved” you mean “actually does anything”, since the call didn’t exist at all, not “inside an if statement”…

    • This reply was modified 1 year ago by jondaley. Reason: I didn't actually check the code before replying - since the correct fix was a one-line fix, I assumed they would do it correctly, and marked this thread resolved, but it isn't, because they introduced at least two bugs
    Thread Starter jondaley

    (@jondaley)

    Hm. I don’t know why you put in that extra stuff in addition to turning on redirects.

    At least one line is not correct, and breaks the code, since the function doesn’t exist.

    And the code for the new undocumented function for disable_api isn’t correct either, since the isset() is only used once. And I don’t know why you show stuff if disable is set to 1, that appears to be backwards in the best case.

    Plugin Author zuda

    (@zuda)

    We have everything working great in the version we published 2 minutes ago. We have spent a lot of time making sure this free, open source plugin is the best on WordPress.

    Thread Starter jondaley

    (@jondaley)

    Not really.

    Look at your logic for disable_api:

    disable_api = get_setting(…)
    if(isset(disable_api))
    disable_api = …;

    and then you use disable_api later without checking whether it is set or not.
    It is possible that get_setting always returns an object, so then your code actually works, but why use isset() if it is always true in that case.

    if the isset() is ever false, you will have a PHP error/warning when you use it later (on the preg_match line).

    In my opinion, I would want all of the undocumented code removed, especially since you have to set disable_api = 1 to enable it, which is non-intuitive.

    I also don’t think that code does what you think it does, since I wouldn’t think you would need to add an RSD or wlwmanifest link if you are logged in, that isn’t how those links are found – e.g. if my blog is going to try to link to your blog, it will run a cURL request separately from the browser, so that current_user_can() check will always be false when it is actually needed. Not to mention that all of that code is there by default, so normally plugins remove those hooks if necessary, and don’t doubly add them.

    Not to mention that it is weird that a redirect-editor plugin does anything with RSD links at all. That would be completely unexpected behavior by all of your users.

    And then of course, the “erase_header_junk” call is just broken as well.

    Plugin Author zuda

    (@zuda)

    You are referring to 3.7, 3.8 doesn’t have any of the code you mentioned above.

Viewing 15 replies - 1 through 15 (of 19 total)
  • The topic ‘Redirects are totally broken’ is closed to new replies.