Support » Plugin: Search Exclude » Removal of search exclude from wordpress.org

  • Resolved hmabpera

    (@hmabpera)


    How serious is the reason that search exclude plugin has been removed from wordpress.org.
    I understand it’s removal is temporary. It would be good to know the reason why it has been removed and when it will be restored. thanks.

Viewing 6 replies - 16 through 21 (of 21 total)
  • Thanks for getting this sorted. I can build again!

    Plugin Author pronskiy

    (@pronskiy)

    Folks,

    I’ve released 1.2.4 update with the fix. Please, update your instances.

    Details:
    There were two main issues found by Plugin review team.
    1) The page /wp-admin/options-general.php?page=search_exclude which lists all the excluded pages/posts allowed editing and bring back to search results the selected items. This form was lacking permissions check and technically allowed any user to show edit excluded list.
    2) When doing bulk edit, plugin was missing user capabilities check. I.e. any logged-in user could edit excluded list.

    These issues were fixed and I’ve added some additional data filtering to improve plugin security as suggested by PLugin Review Team.

    • This reply was modified 2 months, 1 week ago by pronskiy.

    Awesome thank you!

    Fixed, thanks!

    Plugin Author pronskiy

    (@pronskiy)

    Folks, I’ve tagged 1.2.5 release with an additional protection (against potential CSRF) suggested by Plugin review team.

    @pronskiy – any update on this? I am still showing hidden pages in search results. I am on version 1.2.5.

    For example: 2 pages that start with “Confirm” and 2 pages that start with “Thanks” are hidden, but show up when I search for “coupons”: https://www.maxiwalker.com/?s=coupon

    • This reply was modified 1 month, 2 weeks ago by sdor.
Viewing 6 replies - 16 through 21 (of 21 total)
  • You must be logged in to reply to this topic.